[Mono-bugs] [Bug 57011][Nor] New - UTF8Encoding accept overlong encoding - while MS reject them

bugzilla-daemon@bugzilla.ximian.com
Wed, 14 Apr 2004 12:55:34 -0400 (EDT)


Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien@ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=57011

--- shadow/57011	2004-04-14 12:55:34.000000000 -0400
+++ shadow/57011.tmp.13898	2004-04-14 12:55:34.000000000 -0400
@@ -0,0 +1,45 @@
+Bug#: 57011
+Product: Mono: Class Libraries
+Version: unspecified
+OS: All
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: CORLIB
+AssignedTo: mono-bugs@ximian.com                            
+ReportedBy: sebastien@ximian.com               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: UTF8Encoding accept overlong encoding - while MS reject them
+
+Description of Problem:
+UTF8Encoding accept overlong encoding, like encoded NUL and slash. This can
+cause security problems when we try to compare the values (without
+comparing all possible UTF8 values). MS Fx 1.1 reject the overlong encoding.
+
+Steps to reproduce the problem:
+See UTF8EncodingTest unit tests: 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.1,
+4.2.2, 4.2.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5.
+
+
+Actual Results:
+Mono UTF8 decoder accept all entries.
+
+
+Expected Results:
+ArgumentException should be thrown.
+
+
+How often does this happen? 
+Always
+
+
+Additional Information:
+- Safe decoder should reject overlong UTF8 as they can cause security problems.
+- MS implementation reject them.
+- Some case are rejected (4.2.4, 4.2.5) but probably for other reason
+(apart from being overlong).
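
Review bot: The Severity field is left empty even though the Description says accepting overlong encodings "can cause security problems"; fill it in so the report is triaged as a security issue rather than on "Priority: Normal" alone. Under Steps to reproduce, the report relies on UTF8EncodingTest numbers only; adding the actual byte sequences for the encoded NUL and slash cases named in the Description would keep it reproducible if the tests are renumbered. For 4.2.4 and 4.2.5 under Additional Information, state which exception is thrown and why, so the "other reason" can be confirmed and those cases are not counted as covered by an overlong check that does not exist yet.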