Memory contents leak when using invalid utf-8 for searches

Submitted by Jordan Conway on Wed, 10/06/2010 - 16:49

Issue ID:	2798
Issue Category:	security
Component:	core
Priority:	normal
Status:	fixed
Assigned:	brion
Version:	0.9

Memory contents leak when using invalid utf-8 for searches: See
what appears in the "Keywords" input field:
http//identi.ca/search/notice?q=%E0%81

it seems to actually be a PHP/libxml2 bug, reported upstream:
https://bugs.edge.launchpad.net/php/+bug/655442

Updates

#1

Submitted by Brion Vibber on Wed, 10/06/2010 - 18:13.

Status:

active

» fixed

This bad boy resolves it for now by kicking out bad UTF-8 web input:

[ebfa8bc] Basic validation of UTF-8 input via GET/POST vars: invalid UTF-8 sequences will cause the string to drop. Not necessarily super-thorough; should be improved in future to drop individual bad sequences

But if bogus data is floating around elsewhere in the system and gets shoved straight into an XMLWriter, similar could still happen.

You can also subscribe to the RSS feed for updates to this issue.

StatusNet Issue Tracker

Please search for duplicates before submitting a new issue!

We currently have

1516 open issues (3455 total)

Recent Issues

Empty Groups

shortener cut07.tk

tag #nsfw

[See all]

Open Source Users

Post an app, plugin or theme to the Add-on Directory New!
Submit a new issue, bug, or feature request