Another g_markup_escape_text Vulnerability

Mark Doliner mark at kingant.net
Fri May 4 03:53:41 EDT 2012


Hey Elliott, from looking at your patch it seems like there might
still be a few places where we don't validate the string as UTF-8.
For example:
- If no content-type is provided
- If content-type is not text/plain
- If msg->charset is NULL and g_convert(from ISO-8859-1 to UTF-8) fails
- If msg->charset is set to something other than UTF-8 and
g_convert(msg->charset to UTF-8) fails and g_convert(ISO-8859-1 to
UTF-8) fails

It seems like we need to set msg->body to NULL if some of those
conversions fail.  Does this sound accurate to you?  I'll try making a
few tweaks and sending out another patch.
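
The rule proposed in the message above (validate on every path, and drop the body when no conversion yields valid UTF-8), as an added example that is not part of the original email or of the patch under discussion. Assumptions: the names `utf8_valid`, `latin1_to_utf8` and `body_to_utf8` are hypothetical plain-C stand-ins for `g_utf8_validate()` and `g_convert()`, and any charset other than the exact string "UTF-8" is treated as a failed conversion that falls back to ISO-8859-1.

```c
#include <stdlib.h>
#include <string.h>

/* Strict check: rejects NUL, truncated or overlong sequences, surrogates, > U+10FFFF. */
static int utf8_valid(const unsigned char *s, size_t n) {
    size_t i = 0;
    while (i < n) {
        unsigned char c = s[i];
        unsigned long cp, min;
        size_t len;
        if (c != 0 && c < 0x80) { i++; continue; }   /* NUL falls through to "return 0" */
        if ((c & 0xE0) == 0xC0)      { len = 2; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { len = 3; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { len = 4; cp = c & 0x07; min = 0x10000; }
        else return 0;                               /* stray continuation or bad lead byte */
        if (n - i < len) return 0;                   /* sequence runs past the buffer */
        for (size_t k = 1; k < len; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += len;
    }
    return 1;
}
/* Hypothetical stand-in for the g_convert(ISO-8859-1 -> UTF-8) fallback. */
static unsigned char *latin1_to_utf8(const unsigned char *s, size_t n, size_t *out_n) {
    unsigned char *out = malloc(2 * n + 1), *p = out;
    if (out == NULL) return NULL;
    for (size_t i = 0; i < n; i++) {
        if (s[i] < 0x80) *p++ = s[i];
        else { *p++ = 0xC0 | (s[i] >> 6); *p++ = 0x80 | (s[i] & 0x3F); }
    }
    *p = '\0';
    *out_n = (size_t)(p - out);
    return out;
}
/* Returns validated, NUL-terminated UTF-8 (caller frees), or NULL: drop the body. */
char *body_to_utf8(const char *charset, const unsigned char *body, size_t n) {
    unsigned char *out;
    size_t out_n = n;
    if (body == NULL) return NULL;
    if (charset != NULL && strcmp(charset, "UTF-8") == 0) {
        if ((out = malloc(n + 1)) != NULL) { memcpy(out, body, n); out[n] = '\0'; }
    } else {
        out = latin1_to_utf8(body, n, &out_n);       /* charset missing or unsupported */
    }
    if (out != NULL && !utf8_valid(out, out_n)) { free(out); out = NULL; }
    return (char *)out;                              /* validated on every path */
}
```

The function takes no content-type argument on purpose: the final `utf8_valid` check runs whatever the headers said, so a missing or non-text/plain content-type cannot skip it.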

