From 1d2276dc20153eb513d67aeb3464cf0c1edf6d38 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 22 Sep 2016 14:11:16 +0200
Subject: trust: Reject invalid UTF-8 input

Merge changes from utf8.c in FreeBSD's libc:
https://svnweb.freebsd.org/base/head/lib/libc/locale/utf8.c?revision=290494&view=markup#l196

https://bugzilla.redhat.com/show_bug.cgi?id=985449
---
 trust/test-utf8.c | 2 ++
 trust/utf8.c      | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/trust/test-utf8.c b/trust/test-utf8.c
index 9b2c3d5..324975d 100644
--- a/trust/test-utf8.c
+++ b/trust/test-utf8.c
@@ -221,6 +221,8 @@ test_utf8_fail (void)
 		{ "Good news everyone\x88", -1 },
 		{ "Bad \xe0v following chars should be |0x80", -1 },
 		{ "Truncated \xe0", -1 },
+		{ "Surrogate \xed\xa0\x80", -1, },
+		{ "Out of range \xf4\x90\x80\x80", -1, },
 	};
 
 	for (i = 0; i < ELEMS (fixtures); i++) {
diff --git a/trust/utf8.c b/trust/utf8.c
index b94c3e7..72280b5 100644
--- a/trust/utf8.c
+++ b/trust/utf8.c
@@ -156,6 +156,12 @@ utf8_to_uchar (const char *str,
 		 */
 		return -1;
 	}
+	if ((uch >= 0xd800 && uch <= 0xdfff) || uch > 0x10ffff) {
+		/*
+		 * Malformed input; invalid code points.
+		 */
+		return -1;
+	}
 
 	*uc = uch;
 	return want;
-- 
cgit v1.1