[eeps] EEP 35 "Binary string modules"
Kenji Rikitake
kenji.rikitake@REDACTED
Tue Nov 23 13:42:23 CET 2010
I also suggest any overlong or invalid sequences in the encoded binaries
should not be decoded and return errors in the bstring module.
Regards,
Kenji Rikitake
In the message <20101123123708.GA23027@REDACTED>
dated Tue, Nov 23, 2010 at 09:36:44PM +0900,
Kenji Rikitake <kenji.rikitake@REDACTED> writes:
> * Issues of overlong encoding (RFC3629 Section 3) must be explicitly
> addressed in the EEP also.
>
> From RFC3629 Section 3:
>
> "Implementations of the decoding algorithm above MUST protect against
> decoding invalid sequences. For instance, a naive implementation may
> decode the overlong UTF-8 sequence C0 80 into the character U+0000,
> or the surrogate pair ED A1 8C ED BE B4 into U+233B4. Decoding
> invalid sequences may have security consequences or cause other
> problems. See Security Considerations (Section 10) below."
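A strict decoder of the kind suggested in this message, as an added example that is not part of the original post, the EEP, or any Erlang/OTP module. The module name `strict_utf8`, the function `decode/1`, the error atoms and the sample inputs in `demo/0` are hypothetical and constructed for illustration; the first two inputs are the byte sequences quoted from RFC 3629 above.

```erlang
-module(strict_utf8).
-export([decode/1, demo/0]).

%% Hypothetical strict UTF-8 decoder (illustration only, not the bstring API).
%% Returns {ok, CodePoints} or {error, Reason, Rest}, where Rest starts at
%% the offending sequence. Nothing is decoded past the first bad sequence.
decode(Bin) when is_binary(Bin) -> decode(Bin, []).

decode(<<>>, Acc) ->
    {ok, lists:reverse(Acc)};
%% 1 byte: 0xxxxxxx
decode(<<0:1, C:7, Rest/binary>>, Acc) ->
    decode(Rest, [C | Acc]);
%% 2 bytes: 110xxxxx 10xxxxxx, smallest legal value is U+0080
decode(<<2#110:3, A:5, 2#10:2, B:6, Rest/binary>> = Bin, Acc) ->
    check((A bsl 6) bor B, 16#80, Rest, Bin, Acc);
%% 3 bytes: 1110xxxx 10xxxxxx 10xxxxxx, smallest legal value is U+0800
decode(<<2#1110:4, A:4, 2#10:2, B:6, 2#10:2, C:6, Rest/binary>> = Bin, Acc) ->
    check((A bsl 12) bor (B bsl 6) bor C, 16#800, Rest, Bin, Acc);
%% 4 bytes: 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx, smallest legal is U+10000
decode(<<2#11110:5, A:3, 2#10:2, B:6, 2#10:2, C:6, 2#10:2, D:6,
         Rest/binary>> = Bin, Acc) ->
    CP = (A bsl 18) bor (B bsl 12) bor (C bsl 6) bor D,
    check(CP, 16#10000, Rest, Bin, Acc);
%% Stray continuation byte, truncated sequence, or lead byte F8..FF
decode(Bin, _Acc) ->
    {error, invalid_sequence, Bin}.

%% Reject a value below the minimum for its encoded length (overlong),
%% a UTF-16 surrogate code point, or a value beyond U+10FFFF.
check(CP, Min, _Rest, Bin, _Acc) when CP < Min ->
    {error, overlong, Bin};
check(CP, _Min, _Rest, Bin, _Acc) when CP >= 16#D800, CP =< 16#DFFF ->
    {error, surrogate, Bin};
check(CP, _Min, _Rest, Bin, _Acc) when CP > 16#10FFFF ->
    {error, out_of_range, Bin};
check(CP, _Min, Rest, _Bin, Acc) ->
    decode(Rest, [CP | Acc]).

%% Constructed sample inputs.
demo() ->
    [decode(<<16#C0, 16#80>>),                              % overlong form of U+0000
     decode(<<16#ED, 16#A1, 16#8C, 16#ED, 16#BE, 16#B4>>),  % encoded surrogate pair
     decode(<<"a", 16#F0, 16#A3, 16#8E, 16#B4>>)].          % "a" plus U+233B4, well-formed
```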