Bug#699497: libmsv0: libmsv fails to properly escape data passed to msv_query_agent

2013-02-01 Thread Clint Adams
On Fri, Feb 01, 2013 at 04:30:01PM -0500, Daniel Kahn Gillmor wrote:
> really? that sounds like a bug in either the library or its documentation:

No, it was a bug in my testing.

> blech, that sounds ugly.

Withdrawn.

> yep, but if you json_decref before returning a char* pointing to a
> string

Bug#699497: libmsv0: libmsv fails to properly escape data passed to msv_query_agent

2013-02-01 Thread Daniel Kahn Gillmor
On 02/01/2013 03:50 PM, Clint Adams wrote:
> That is a good idea, but it won't solve the UTF-8 problem, since
> json_string() will happily accept invalid UTF-8.

really? that sounds like a bug in either the library or its documentation: file:///usr/share/doc/libjansson-doc/html/apiref.html#stri

Bug#699497: libmsv0: libmsv fails to properly escape data passed to msv_query_agent

2013-02-01 Thread Clint Adams
On Fri, Feb 01, 2013 at 12:57:30AM -0500, Daniel Kahn Gillmor wrote:
> yeah, something like this looks about right; but this still expects
> that the data passed to json_string() is all valid UTF-8 strings. This
> should be true for PEM-encoded X.509 certificates (pkctype="x509pem"),
> but it's d

Bug#699497: libmsv0: libmsv fails to properly escape data passed to msv_query_agent

2013-01-31 Thread Daniel Kahn Gillmor
On 02/01/2013 12:27 AM, Clint Adams wrote:
> On Thu, Jan 31, 2013 at 08:24:29PM -0500, Daniel Kahn Gillmor wrote:
>> msv_query_agent() does not escape the data passed in. For example, if
>> pkcdata points to a C string with newlines in it, it will inject the
>> newlines directly into the JSON stri

Bug#699497: libmsv0: libmsv fails to properly escape data passed to msv_query_agent

2013-01-31 Thread Clint Adams
On Thu, Jan 31, 2013 at 08:24:29PM -0500, Daniel Kahn Gillmor wrote:
> msv_query_agent() does not escape the data passed in. For example, if
> pkcdata points to a C string with newlines in it, it will inject the
> newlines directly into the JSON string, which is not valid JSON.

Perhaps something

Bug#699497: libmsv0: libmsv fails to properly escape data passed to msv_query_agent

2013-01-31 Thread Daniel Kahn Gillmor
Package: libmsv0
Version: 0.0.0-1
Severity: important
Tags: upstream security

msv_query_agent() does not escape the data passed in. For example, if pkcdata points to a C string with newlines in it, it will inject the newlines directly into the JSON string, which is not valid JSON. Likewise, if a