From: Alan T. DeKok <aland@freeradius.org>
Date: Sun, 28 Sep 2025 13:42:44 +0000 (-0400)
Subject: handle zero terminated strings better in UTF8 checks.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce0faf3eb010bfe564af2892c280d3eb63b0bf8b;p=thirdparty%2Ffreeradius-server.git

handle zero terminated strings better in UTF8 checks.

the final zero is not valid UTF8.
Control characters are not valid UTF8.
Limit the allowed UTF8 length to where the trailing zero is located
---

diff --git a/src/lib/util/print.c b/src/lib/util/print.c
index 374756dd3ab..a330feb5d1b 100644
--- a/src/lib/util/print.c
+++ b/src/lib/util/print.c
@@ -40,7 +40,17 @@ inline size_t fr_utf8_char(uint8_t const *str, ssize_t inlen)
 {
 	if (inlen == 0) return 0;
 
-	if (inlen < 0) inlen = 4;	/* longest char */
+	if (inlen < 0) {
+		if (*str < 0x20) return 0; /* end of string, or control characters. */
+
+		/*
+		 *	The trailing zero can occur at any point in
+		 *	the next 4 characters.
+		 */
+		for (inlen = 1; inlen <= 4; inlen++) {
+			if (!str[inlen]) break;
+		}
+	}
 
 	if (*str <= 0x7f) return 1;	/* 1 */