check-banned FAILED: Malformed UTF-8 character
Mark Martinec
Mark.Martinec+amavis at ijs.si
Thu Apr 5 02:19:19 CEST 2012
> A manifestation of the Perl bug #32687:
> Encode::is_utf8 on tainted UTF8 string returns false
> https://rt.perl.org/rt3/Public/Bug/Display.html?id=32687
> [...]
> Please try the attached patch, it avoids testing Encode::is_utf8
> and just calls safe_encode() unconditionally.
While investigating this issue I became aware of another
bug in the perl module Encode, still unfixed in Encode 2.44
(and perl 5.14.2):
https://rt.cpan.org/Public/Bug/Display.html?id=64642
It gratuitously untaints a string when encoding or decoding it.
The bug report is classified as 'wish', although I'd call it
'serious' and 'security'.
I'll provide a workaround by a rewrite of my safe_encode and
safe_decode. To appear soon in a bug-fix release 2.7.1 .
Mark
More information about the amavis-users
mailing list