From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 05DE93858404; Mon, 8 Nov 2021 17:54:16 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 05DE93858404 From: "fweimer at redhat dot com" To: glibc-bugs@sourceware.org Subject: [Bug libc/28524] Conversion from ISO-2022-JP-3 with iconv may emit spurious NUL character on state reset Date: Mon, 08 Nov 2021 17:54:16 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: RESOLVED X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: 2.35 X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: glibc-bugs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Glibc-bugs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Nov 2021 17:54:17 -0000 https://sourceware.org/bugzilla/show_bug.cgi?id=3D28524 --- Comment #6 from Florian Weimer --- (In reply to Nikita Popov from comment #4) > "the bug cannot be invoked through user input and requires iconv to be > invoked with NULL inbuf" > I never claimed opposite. I mentioned "certain use patterns" where reset > operation on iconv state should ensue. But, considering the importance of > the GLIBC project, I believe the issue in question is worth fixing. Just to provide some context: We are trying to explain here why this isn't a *security* bug (it has been flagged as a security issue elsewhere, presumab= ly by accident because it was a regression introduced by a security fix). Of course it's a bug, and thank you for reporting and fixing it! Without concrete evidence of application impact, I think this bug is just g= libc computing an incorrect result. Any bug could theoretically introduce an application vulnerability, but we have to draw a line somewhere because otherwise the distinction between security and non-security bugs becomes meaningless. As far as I understand it, this issue can only occur if the input sequence = does not return to the initial shift state, which is already partially corrupted= .=20 Otherwise there isn't any work left to do for the do_flush case in iconv/skeleton.c, and the bug does not materialize at all. --=20 You are receiving this mail because: You are on the CC list for the bug.=