[libxslt] Check that crypto:rc4_decrypt produces valid UTF-8



commit e1f8d2e6eb1167fd51eb5b8c99d2d40c37299897
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Sun Sep 15 13:08:38 2019 +0200

    Check that crypto:rc4_decrypt produces valid UTF-8
    
    Otherwise, invalid UTF-8 could be sneaked into the output.
    
    Found by OSS-Fuzz.

 libexslt/crypto.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
---
diff --git a/libexslt/crypto.c b/libexslt/crypto.c
index ac390387..621fd904 100644
--- a/libexslt/crypto.c
+++ b/libexslt/crypto.c
@@ -755,7 +755,14 @@ exsltCryptoRc4DecryptFunction (xmlXPathParserContextPtr ctxt, int nargs) {
     PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len);
     ret[ret_len] = 0;
 
-    xmlXPathReturnString (ctxt, ret);
+    if (xmlCheckUTF8(ret) == 0) {
+       xsltTransformError(tctxt, NULL, tctxt->inst,
+           "exsltCryptoRc4DecryptFunction: Invalid UTF-8\n");
+        xmlFree(ret);
+       xmlXPathReturnEmptyString(ctxt);
+    } else {
+        xmlXPathReturnString(ctxt, ret);
+    }
 
 done:
     if (key != NULL)
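Review bot: The new `xmlCheckUTF8(ret)` branch has no comment saying why decrypted output is validated, and the reason is not obvious from the call: RC4 carries no integrity check, so a wrong key or altered ciphertext yields arbitrary bytes that would otherwise become the XPath string result. I would add above the `if`: `/* RC4 output is unauthenticated bytes; reject anything that is not well-formed UTF-8 before it becomes an XPath string. */`. The check covers well-formedness only and, since xmlCheckUTF8 works on a NUL-terminated string, it validates `ret` only up to the first zero byte, which is worth stating in the same comment. The `xsltTransformError(...)` and `xmlXPathReturnEmptyString(ctxt);` lines appear indented one column short of their neighbours in the new block. The body of exsltCryptoRc4DecryptFunction starts and ends outside this hunk.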

