
Bug#417649: 100% cpu utilization with kdelibs 4:3.5.5a.dfsg.1-8



> 
> Attached is the diff from the version -7 and -8 (fixing a security bug). As
> you can see, we have not changed anything that can lead to this problem.
>

Attached now O)

diff -u kdelibs-3.5.5a.dfsg.1/debian/changelog kdelibs-3.5.5a.dfsg.1/debian/changelog
--- kdelibs-3.5.5a.dfsg.1/debian/changelog
+++ kdelibs-3.5.5a.dfsg.1/debian/changelog
@@ -1,3 +1,10 @@
+kdelibs (4:3.5.5a.dfsg.1-8) unstable; urgency=high
+
+  * Add patch to fix utf8-parsing vulnerability.
+  * Urgency high due to security fix.
+
+ -- Sune Vuorela <debian@pusling.com>  Thu, 29 Mar 2007 21:19:35 +0200
+
 kdelibs (4:3.5.5a.dfsg.1-7) unstable; urgency=high
 
   * Add patch 46_CVE-2007-1564-kdelibs-3.5.6.diff: untrusted sites that allow 
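Review bot: the -8 changelog entry names neither the patch file it adds nor any advisory, bug or upstream revision, whereas the -7 entry directly below names its patch (46_CVE-2007-1564-kdelibs-3.5.6.diff). The second hunk shows the file is debian/patches/47_kdelibs-kjs-utf8-parsing.diff, backported from KDE svn r645387, so consider writing e.g. `* Add patch 47_kdelibs-kjs-utf8-parsing.diff (upstream r645387): replace invalid UTF-8 sequences in kjs decodeURI with U+FFFD.` so the security tracker and later readers can tell what changed.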
only in patch2:
unchanged:
--- kdelibs-3.5.5a.dfsg.1.orig/debian/patches/47_kdelibs-kjs-utf8-parsing.diff
+++ kdelibs-3.5.5a.dfsg.1/debian/patches/47_kdelibs-kjs-utf8-parsing.diff
@@ -0,0 +1,38 @@
+------------------------------------------------------------------------
+r645387 | porten | 2007-03-22 15:01:13 +0100 (Thu, 22 Mar 2007) | 4 lines
+
+substitute some of the invalid sequences with the standard replacement
+char. this matches Mozilla but not IE which leaves them unchanged (or
+throws an exception)
+
+------------------------------------------------------------------------
+--- kjs/function.cpp
++++ kjs/function.cpp
+@@ -244,11 +244,15 @@ UString decodeURI(ExecState *exec, UStri
+       }
+ 
+       // UTF-8 transform
++      const unsigned long replacementChar = 0xFFFD;
+       unsigned long V;
+       if (n == 2) {
+ 	unsigned long yyyyy = octets[0] & 0x1F;
+ 	unsigned long zzzzzz = octets[1] & 0x3F;
+ 	V = (yyyyy << 6) | zzzzzz;
++	// 2-byte sequence overlong for this value?
++	if (V < 0xFF)
++	  V = replacementChar;
+ 	C = UChar((unsigned short)V);
+       }
+       else if (n == 3) {
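Review bot: the threshold in `if (V < 0xFF)` does not match the comment above it. A well-formed 2-byte UTF-8 sequence encodes U+0080..U+07FF, so a 2-byte sequence is overlong only when V < 0x80; with 0xFF the check also replaces the valid code points U+0080..U+00FE (most Latin-1 letters) with U+FFFD, a visible regression for decodeURI on non-ASCII input. The 3-byte hunk that follows uses the correct minimum for its width (0x800); this one should read `if (V < 0x80)`.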
+@@ -256,6 +260,11 @@ UString decodeURI(ExecState *exec, UStri
+ 	unsigned long yyyyyy = octets[1] & 0x3F;
+ 	unsigned long zzzzzz = octets[2] & 0x3F;
+ 	V = (xxxx << 12) | (yyyyyy << 6) | zzzzzz;
++	// 3-byte sequence overlong for this value,
++	// an invalid value or UTF-16 surrogate?
++	if (V < 0x800 || V == 0xFFFE || V == 0xFFFF ||
++	    (V >= 0xD800 && V <= 0xDFFF))
++	  V = replacementChar;
+ 	C = UChar((unsigned short)V);
+       }
+       else {
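Review bot: the hunk ends at the 4-byte `else {` branch without adding a matching check, and since the new patch file is exactly the +38 lines shown, 4-byte sequences keep their pre-patch behaviour. The same policy should apply there: replace V < 0x10000 (overlong 4-byte) and V > 0x10FFFF (outside Unicode) with replacementChar, the way this hunk replaces V < 0x800 and the surrogate range for 3-byte sequences.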
