Another g_markup_escape_text Vulnerability
Mark Doliner
mark at kingant.net
Fri May 4 03:53:41 EDT 2012
Hey Elliott, from looking at your patch it seems like there might
still be a few places where we don't validate the string as UTF-8.
For example:
- If no content-type is provided
- If content-type is not text/plain
- If msg->charset is NULL and g_convert(from ISO-8859-1 to UTF-8) fails
- If msg->charset is set to something other than UTF-8 and
  g_convert(msg->charset to UTF-8) fails and g_convert(ISO-8859-1 to
  UTF-8) fails
It seems like we need to set msg->body to NULL if some of those
conversions fail. Does this sound accurate to you? I'll try making a
few tweaks and sending out another patch.
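
The rule proposed in the message above (a body is either validated UTF-8 or NULL, whatever the Content-Type and whichever conversion path ran), sketched as an added example that is not part of the original message or of the patch under discussion. It assumes POSIX iconv in place of g_convert and a hand-written validator in place of GLib's; body_to_utf8, to_utf8 and utf8_valid are hypothetical names.

```c
#include <iconv.h>
#include <stdlib.h>
#include <string.h>

/* Strict check: rejects truncated or overlong forms, surrogates, > U+10FFFF. */
static int utf8_valid(const char *s)
{
    static const unsigned min_cp[] = { 0, 0x80, 0x800, 0x10000 };
    const unsigned char *p = (const unsigned char *)s;
    while (*p) {
        unsigned cp, n, i;
        if (*p < 0x80) { p++; continue; }
        if ((*p & 0xE0) == 0xC0)      { cp = *p & 0x1F; n = 1; }
        else if ((*p & 0xF0) == 0xE0) { cp = *p & 0x0F; n = 2; }
        else if ((*p & 0xF8) == 0xF0) { cp = *p & 0x07; n = 3; }
        else return 0;                          /* stray continuation or 0xF8+ */
        for (i = 0, p++; i < n; i++, p++) {
            if ((*p & 0xC0) != 0x80) return 0;  /* also stops at the NUL */
            cp = (cp << 6) | (*p & 0x3F);
        }
        if (cp < min_cp[n] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return 0;
    }
    return 1;
}

/* Convert s from charset `from` to UTF-8; NULL on any failure. */
static char *to_utf8(const char *from, const char *s)
{
    size_t in = strlen(s), left = in * 4, rc;
    char *out, *o, *i = (char *)s;
    iconv_t cd = iconv_open("UTF-8", from);
    if (cd == (iconv_t)-1) return NULL;         /* unknown charset name */
    out = o = malloc(left + 1);
    rc = out ? iconv(cd, &i, &in, &o, &left) : (size_t)-1;
    iconv_close(cd);
    if (rc == (size_t)-1) { free(out); return NULL; }
    *o = '\0';
    return out;
}

/* Hypothetical helper, run on every body: validated UTF-8 copy, or NULL. */
char *body_to_utf8(const char *charset, const char *body)
{
    /* Assumption: a missing charset is treated as a UTF-8 claim to verify. */
    char *out = body ? to_utf8(charset ? charset : "UTF-8", body) : NULL;
    if (out == NULL && body != NULL)
        out = to_utf8("ISO-8859-1", body);      /* last-resort fallback */
    if (out != NULL && !utf8_valid(out)) { free(out); out = NULL; }
    return out;
}
```

The final utf8_valid call is deliberately unconditional, so no branch can hand an unvalidated string to an escaping routine.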