IETF-SSH archive
Re: How to treat utf8 text with overlong utf8 sequences?
nisse%lysator.liu.se@localhost (Niels Möller) writes:
> What do you think about sending overlong / "non-minimum form" utf8
> sequences in various utf8 strings in the protocol?
...
> RFC 2279 does not address these questions, as far as I can see.
For what it's worth, RFC 2279 is obsoleted by RFC 3629, which includes:
   Implementations of the decoding algorithm above MUST protect against
   decoding invalid sequences. For instance, a naive implementation may
   decode the overlong UTF-8 sequence C0 80 into the character U+0000,
   or the surrogate pair ED A1 8C ED BE B4 into U+233B4. Decoding
   invalid sequences may have security consequences or cause other
   problems. See Security Considerations (Section 10) below.
I don't think it is evident that "MUST protect against" implies
"reject", though.
Thanks,
Simon