* [Bug libc/28524] Conversion from ISO-2022-JP-3 with iconv may emit spurious NUL character on state reset
2021-11-01 17:48 [Bug libc/28524] New: Conversion from ISO-2022-JP-3 with iconv may emit spurious NUL character on state reset npv1310 at gmail dot com
@ 2021-11-02 10:13 ` fweimer at redhat dot com
2021-11-04 5:18 ` npv1310 at gmail dot com
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: fweimer at redhat dot com @ 2021-11-02 10:13 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
CC| |fweimer at redhat dot com
--
You are receiving this mail because:
You are on the CC list for the bug.
From: npv1310 at gmail dot com @ 2021-11-04 5:18 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
--- Comment #1 from Nikita Popov <npv1310 at gmail dot com> ---
Created attachment 13756
--> https://sourceware.org/bugzilla/attachment.cgi?id=13756&action=edit
Proposed patch
Submitted proposed patch to address this issue.
From: fweimer at redhat dot com @ 2021-11-04 19:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |2.35
Resolution|--- |FIXED
Status|UNCONFIRMED |RESOLVED
--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Fixed for glibc 2.35 via:

commit ff012870b2c02a62598c04daa1e54632e020fd7d
Author: Nikita Popov <npv1310@gmail.com>
Date:   Tue Nov 2 13:21:42 2021 +0500

    gconv: Do not emit spurious NUL character in ISO-2022-JP-3 (bug 28524)

    Bugfix 27256 has introduced another issue:
    In conversion from ISO-2022-JP-3 encoding, it is possible
    to force iconv to emit extra NUL character on internal state reset.
    To do this, it is sufficient to feed iconv with escape sequence
    which switches active character set.
    The simplified check 'data->__statep->__count != ASCII_set'
    introduced by the aforementioned bugfix picks that case and
    behaves as if '\0' character has been queued thus emitting it.

    To eliminate this issue, these steps are taken:

    * Restore original condition
      '(data->__statep->__count & ~7) != ASCII_set'.
      It is necessary since bits 0-2 may contain
      number of buffered input characters.
    * Check that queued character is not NUL.
      Similar step is taken for main conversion loop.

    Bundled test case follows following logic:

    * Try to convert ISO-2022-JP-3 escape sequence
      switching active character set
    * Reset internal state by providing NULL as input buffer
    * Ensure that nothing has been converted.

    Signed-off-by: Nikita Popov <npv1310@gmail.com>
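The three test steps listed in the commit message above (convert an escape sequence, reset with a NULL input buffer, check that nothing was converted), written as a stand-alone check against the installed iconv. This is an added example, not the test case bundled with the commit; the choice of ESC ( I as the escape sequence and the function name are assumptions.

```c
#include <iconv.h>
#include <stddef.h>
#include <stdio.h>

/* Returns the number of bytes produced by the state-reset call (0 is the
   correct result), or -1 if the converter is unavailable or a call fails. */
int bytes_emitted_on_reset(void)
{
    /* ESC ( I selects JIS X 0201 Katakana; picked here as one escape
       sequence that switches the active character set (assumption). */
    char in[] = "\x1b(I";
    char *inp = in;
    size_t inleft = sizeof in - 1;
    char out[8];
    char *outp = out;
    size_t outleft = sizeof out;

    iconv_t cd = iconv_open("UTF-8", "ISO-2022-JP-3");
    if (cd == (iconv_t)-1)
        return -1;

    /* Step 1: convert only the escape sequence. It changes the shift
       state and must not produce any output by itself. */
    if (iconv(cd, &inp, &inleft, &outp, &outleft) == (size_t)-1 || outp != out) {
        iconv_close(cd);
        return -1;
    }

    /* Step 2: reset the conversion state by passing NULL as input buffer. */
    if (iconv(cd, NULL, NULL, &outp, &outleft) == (size_t)-1) {
        iconv_close(cd);
        return -1;
    }
    iconv_close(cd);

    /* Step 3: anything written during the reset is spurious. */
    return (int)(outp - out);
}

int main(void)
{
    int n = bytes_emitted_on_reset();
    if (n < 0)
        puts("ISO-2022-JP-3 converter unavailable or conversion failed");
    else
        printf("%d byte(s) emitted on reset: %s\n", n, n ? "AFFECTED" : "ok");
    return n > 0;   /* non-zero exit status when output was emitted */
}
```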
From: sam at gentoo dot org @ 2021-11-05 21:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sam at gentoo dot org
From: siddhesh at sourceware dot org @ 2021-11-08 16:30 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |siddhesh at sourceware dot org
--- Comment #3 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
AFAICT the bug cannot be invoked through user input and requires iconv to be
invoked with NULL inbuf, which ought to require a separate application bug to
do so unintentionally. Hence there's no security impact to the bug.
From: npv1310 at gmail dot com @ 2021-11-08 17:24 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
--- Comment #4 from Nikita Popov <npv1310 at gmail dot com> ---
"the bug cannot be invoked through user input and requires iconv to be invoked
with NULL inbuf"
I never claimed opposite. I mentioned "certain use patterns" where reset
operation on iconv state should ensue. But, considering the importance of the
GLIBC project, I believe the issue in question is worth fixing.
From: siddhesh at sourceware dot org @ 2021-11-08 17:37 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
--- Comment #5 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
(In reply to Nikita Popov from comment #4)
> operation on iconv state should ensue. But, considering the importance of
> the GLIBC project, I believe the issue in question is worth fixing.
Agreed, and thank you for the fix!
From: fweimer at redhat dot com @ 2021-11-08 17:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
--- Comment #6 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Nikita Popov from comment #4)
> "the bug cannot be invoked through user input and requires iconv to be
> invoked with NULL inbuf"
> I never claimed opposite. I mentioned "certain use patterns" where reset
> operation on iconv state should ensue. But, considering the importance of
> the GLIBC project, I believe the issue in question is worth fixing.
Just to provide some context: We are trying to explain here why this isn't a
*security* bug (it has been flagged as a security issue elsewhere, presumably
by accident because it was a regression introduced by a security fix). Of
course it's a bug, and thank you for reporting and fixing it!
Without concrete evidence of application impact, I think this bug is just glibc
computing an incorrect result. Any bug could theoretically introduce an
application vulnerability, but we have to draw a line somewhere because
otherwise the distinction between security and non-security bugs becomes
meaningless.
As far as I understand it, this issue can only occur if the input sequence does
not return to the initial shift state, which is already partially corrupted.
Otherwise there isn't any work left to do for the do_flush case in
iconv/skeleton.c, and the bug does not materialize at all.
From: bruno at clisp dot org @ 2023-05-22 19:01 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
Bruno Haible <bruno at clisp dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bruno at clisp dot org
--- Comment #7 from Bruno Haible <bruno at clisp dot org> ---
Created attachment 14901
--> https://sourceware.org/bugzilla/attachment.cgi?id=14901&action=edit
non-roundtrip mappings in a GB18030 converter
From: bruno at clisp dot org @ 2023-05-22 19:04 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
Bruno Haible <bruno at clisp dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #14901 is obsolete|0 |1
Attachment #14901 description|non-roundtrip mappings in a GB18030 converter |Mistake
--- Comment #8 from Bruno Haible <bruno at clisp dot org> ---
Comment on attachment 14901
--> https://sourceware.org/bugzilla/attachment.cgi?id=14901
Mistake
Forget the added attachment; it does not belong here.