Boost mailing page: Re: [boost] [Locale] Security bug announcement

Date view	Thread view	Subject view	Author view

Subject: Re: [boost] [Locale] Security bug announcement - UTF-8 validation
From: Mathias Gaunard (mathias.gaunard_at_[hidden])
Date: 2013-01-04 11:23:09

Next message: Robert Ramey: "Re: [boost] [1.53.0] Beta release candidates available"
Previous message: Marshall Clow: "Re: [boost] Request permission to merge [82349]"
In reply to: Jookia: "Re: [boost] [Locale] Security bug announcement - UTF-8 validation"
Next in thread: Alex Perry: "Re: [boost] [Locale] Security bug announcement - UTF-8 validation"

On 04/01/13 16:00, Jookia wrote:

> Hello,
>
> Pardon my ignorance, but how would an invalid UTF-8 sequence cause a
> security threat? All I can think it would do is create garbage.

Different software treat malformed UTF-8 sequences differently. One
piece of software may consider that the sequence contains some special
characters while others might not.
This can be used for SQL injection among others.

Next message: Robert Ramey: "Re: [boost] [1.53.0] Beta release candidates available"
Previous message: Marshall Clow: "Re: [boost] Request permission to merge [82349]"
In reply to: Jookia: "Re: [boost] [Locale] Security bug announcement - UTF-8 validation"
Next in thread: Alex Perry: "Re: [boost] [Locale] Security bug announcement - UTF-8 validation"

Date view	Thread view	Subject view	Author view