#840: Translation kit should be reviewed for utf-8 string vulnerabilities
--------------------------------------+--------------------
Reporter: marcusoverhagen | Owner: nobody
Type: enhancement | Status: new
Priority: normal | Milestone: R1
Component: Kits/libtextencoding.so | Version:
Resolution: | Keywords:
Blocked By: | Blocking:
Platform: All |
--------------------------------------+--------------------
Changes (by pulkomandy):
* component: Kits/Translation Kit => Kits/libtextencoding.so
Comment:
Functions to review (from a grep on "utf8"):
{{{
os/locale/UnicodeChar.h: static uint32 FromUTF8(const
char** in);
os/locale/UnicodeChar.h: static uint32 FromUTF8(const char*
in);
os/locale/UnicodeChar.h: static size_t
UTF8StringLength(const char* string);
os/locale/UnicodeChar.h: static size_t
UTF8StringLength(const char* string, size_t maxLength);
os/support/UTF8.h:status_t convert_to_utf8(uint32 sourceEncoding, const
char* source,
os/support/UTF8.h:status_t convert_from_utf8(uint32 destEncoding, const
char* source,
private/file_systems/QueryParserUtils.h:uint32
utf8ToUnicode(char** string);
private/interface/utf8_functions.h:UTF8NextCharLenUnsafe(const char *text)
private/interface/utf8_functions.h:UTF8NextCharLen(const char *text)
private/interface/utf8_functions.h:UTF8NextCharLen(const char *bytes,
size_t length)
private/interface/utf8_functions.h:UTF8PreviousCharLen(const char *text,
const char *limit)
private/interface/utf8_functions.h:UTF8CountBytes(const char *bytes, int32
numChars)
private/interface/utf8_functions.h:UTF8CountChars(const char *bytes, int32
numBytes)
private/interface/utf8_functions.h:UTF8ToCharCode(const char **bytes)
private/mail/mail_util.h:status_t mail_convert_to_utf8(uint32 srcEncoding,
const char *src,
private/mail/mail_util.h:status_t mail_convert_from_utf8(uint32
dstEncoding, const char *src,
private/mail/mail_util.h:ssize_t rfc2047_to_utf8(char **buffer, size_t
*bufLen, size_t strLen = 0);
private/mail/mail_util.h:ssize_t utf8_to_rfc2047(char **bufp, ssize_t
length,uint32 charset, char encoding);
private/system/convertutf.h:ssize_t utf16le_to_utf8(const uint16* source,
size_t sourceCodeUnitCount,
private/system/convertutf.h:ssize_t utf16be_to_utf8(const uint16* source,
size_t sourceCodeUnitCount,
}}}
None of this is in the translation kit, however. Moving to libtextencoding
even if that's also not quite accurate. We should also check why there are
so many utf8 manipulation functions all around.
All functions which manipulate "characters" (vs bytes) in BString are also
candidates.
--
Ticket URL: <https://dev.haiku-os.org/ticket/840#comment:4>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.