Subject: Re: [boost] [Locale] Security bug announcement - UTF-8 validation
From: Mathias Gaunard (mathias.gaunard_at_[hidden])
Date: 2013-01-04 11:23:09


On 04/01/13 16:00, Jookia wrote:

> Hello,
>
> Pardon my ignorance, but how would an invalid UTF-8 sequence cause a
> security threat? All I can think it would do is create garbage.

Different software treats malformed UTF-8 sequences differently. One
piece of software may consider that the sequence contains some special
characters while others might not.
This can be used for SQL injection among others.
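
An added illustration of the point made in this message (not part of the original post, and not Boost.Locale's own code): a strict UTF-8 validator next to a lenient decoder that only masks payload bits. `lenient_decode` is a hypothetical stand-in for a component that does not validate, and the sample bytes are constructed; the sample contains no `0x27` byte, yet the lenient decoder reads an apostrophe from it, while the strict validator rejects the input outright.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Strict: rejects stray/truncated bytes, overlong forms, surrogates, > U+10FFFF.
bool is_valid_utf8(const std::string& s) {
    std::size_t i = 0, n = s.size();
    while (i < n) {
        unsigned char b = static_cast<unsigned char>(s[i]);
        std::size_t len; std::uint32_t cp, lowest;
        if (b < 0x80) { ++i; continue; }
        else if ((b & 0xE0) == 0xC0) { len = 2; cp = b & 0x1F; lowest = 0x80; }
        else if ((b & 0xF0) == 0xE0) { len = 3; cp = b & 0x0F; lowest = 0x800; }
        else if ((b & 0xF8) == 0xF0) { len = 4; cp = b & 0x07; lowest = 0x10000; }
        else return false;                      // stray continuation or bad lead byte
        if (n - i < len) return false;          // truncated sequence
        for (std::size_t k = 1; k < len; ++k) {
            unsigned char c = static_cast<unsigned char>(s[i + k]);
            if ((c & 0xC0) != 0x80) return false;
            cp = (cp << 6) | (c & 0x3F);
        }
        if (cp < lowest) return false;          // overlong encoding
        if ((cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF) return false;
        i += len;
    }
    return true;
}

// Hypothetical lenient decoder: masks payload bits and checks nothing.
std::vector<std::uint32_t> lenient_decode(const std::string& s) {
    std::vector<std::uint32_t> out;
    for (std::size_t i = 0; i < s.size();) {
        unsigned char b = static_cast<unsigned char>(s[i++]);
        int extra = b >= 0xF0 ? 3 : b >= 0xE0 ? 2 : b >= 0xC0 ? 1 : 0;
        std::uint32_t cp = extra ? (b & (0x3F >> extra)) : b;
        while (extra-- > 0 && i < s.size())
            cp = (cp << 6) | (static_cast<unsigned char>(s[i++]) & 0x3F);
        out.push_back(cp);
    }
    return out;
}

const std::string kSample = "id=\xC0\xA7";  // constructed: overlong form of U+0027 (')

int main() {
    std::printf("0x27 byte present: %d, strict validator accepts: %d\n",
                kSample.find('\'') != std::string::npos, is_valid_utf8(kSample));
    std::printf("lenient decoder sees: U+%04X\n", (unsigned)lenient_decode(kSample).back());
}
```

Validating at the input boundary, before any filtering or escaping, means every later component works from the same interpretation of the bytes.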


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk