[eeps] EEP 35 "Binary string modules"

Kenji Rikitake <>
Tue Nov 23 13:42:23 CET 2010

I also suggest any overlong or invalid sequences in the encoded binaries
should not be decoded and return errors in the bstring module.

Kenji Rikitake

In the message <>
dated Tue, Nov 23, 2010 at 09:36:44PM +0900,
Kenji Rikitake <> writes:
> * Issues of overlong encoding (RFC3629 Section 3) must be explicitly
>   addressed in the EEP also.
>   From RFC3629 Section 3:
>   "Implementations of the decoding algorithm above MUST protect against
>    decoding invalid sequences.  For instance, a naive implementation may
>    decode the overlong UTF-8 sequence C0 80 into the character U+0000,
>    or the surrogate pair ED A1 8C ED BE B4 into U+233B4.  Decoding
>    invalid sequences may have security consequences or cause other
>    problems.  See Security Considerations (Section 10) below."

More information about the eeps mailing list