Re: Yes, Rat's nest

From: Clive D.W. Feather (clive@demon.net)
Date: Mon Jul 01 2002 - 03:40:34 CDT


Erland Sommarskog said:
>> (BTW, in the last 2 years there are cases where bad unicode
>> implementation was responsible for security problems in Microsoft's IIS,
>> so saying there are no normalization/encoding issues seems premature.)
> Were these issues related to normalization?

Or were they related to bad handling of UTF-8 "overlong" sequences? This
is a known security hole, and is why all software handling UTF-8 *MUST*
detect overlong sequences.

-- 
Clive D.W. Feather  | Work:  <clive@demon.net>   | Tel:  +44 20 8371 1138
Internet Expert     | Home:  <clive@davros.org>  | Fax:  +44 870 051 9937
Demon Internet      | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc            |                            | NOTE: fax number change
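
The overlong-sequence check the message calls for, as an added example that is not part of the original post or of any product it mentions. It assumes the four-byte limit and range rules of RFC 3629; the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: U+002F '/' in shortest form and padded to 2 and 3 bytes. */
static const unsigned char SHORTEST[]  = { 0x2F };
static const unsigned char OVERLONG2[] = { 0xC0, 0xAF };
static const unsigned char OVERLONG3[] = { 0xE0, 0x80, 0xAF };

/* Decode one code point from s[0..len). Returns bytes consumed (1-4), or -1 if
 * the sequence is truncated, malformed, overlong, a surrogate or > U+10FFFF. */
int utf8_decode_strict(const unsigned char *s, size_t len, uint32_t *cp)
{
    /* Smallest code point that legitimately needs n bytes. */
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    uint32_t c;
    int n, i;

    if (len == 0) return -1;
    if (s[0] < 0x80)                { c = s[0];        n = 1; }
    else if ((s[0] & 0xE0) == 0xC0) { c = s[0] & 0x1F; n = 2; }
    else if ((s[0] & 0xF0) == 0xE0) { c = s[0] & 0x0F; n = 3; }
    else if ((s[0] & 0xF8) == 0xF0) { c = s[0] & 0x07; n = 4; }
    else return -1;                  /* stray continuation byte or 0xF8..0xFF */
    if ((size_t)n > len) return -1;  /* truncated sequence */
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return -1;   /* not a continuation byte */
        c = (c << 6) | (s[i] & 0x3F);
    }
    if (c < min_cp[n]) return -1;               /* overlong: fits in fewer bytes */
    if (c >= 0xD800 && c <= 0xDFFF) return -1;  /* UTF-16 surrogate */
    if (c > 0x10FFFF) return -1;                /* beyond the Unicode range */
    *cp = c;
    return n;
}

/* Return 1 if the whole buffer is well-formed UTF-8, else 0. */
int utf8_is_valid(const unsigned char *s, size_t len)
{
    uint32_t cp;
    while (len > 0) {
        int n = utf8_decode_strict(s, len, &cp);
        if (n < 0) return 0;
        s += n; len -= (size_t)n;
    }
    return 1;
}

int main(void)
{
    printf("%d %d %d\n", utf8_is_valid(SHORTEST, 1),
           utf8_is_valid(OVERLONG2, 2), utf8_is_valid(OVERLONG3, 3));
    return 0;
}
```

A decoder without the `min_cp` comparison maps all three samples to the same character, so any filter that ran on the raw bytes has already been bypassed by the time the text is decoded.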




This archive was generated by hypermail 2b29.