The unicode hack is in the comments. Google "Trojan Source". Having never dealt with Hebrew and Arabic, it was news to me there is a right to left feature in Unicode.
TWIT Security Now (MP3): SN 843: Trojan Source - Chrome 0-days, Windows 11 confusion, VoIP DDos attacks, Dune https://pdst.fm/e/chtbl.com/track/E91833/cdn.twit.tv/audio/sn/sn0843/sn0843.mp3#t=4768 [01:19:28] Or look for the paper. Hopefully this isn't too off topic. Original Message From: rei...@bbmk.org Sent: November 4, 2021 2:16 AM To: dovecot@dovecot.org Reply-to: dovecot@dovecot.org Subject: Re: Dovecot v2.3.17 released On Thu, 4 Nov 2021, Rupert Gallagher wrote: > Please convert all source code to ASCII. If it fails to compile, then it may > have a trojan hiding in Unicode clothing. Did you check yourself? The only source code files which contain non-7-bit-ASCII characters are 1. src/lib-storage/list/mailbox-list-index-status.c * Opportunistic function to see ïf we can extract guid from mailbox path */ i.e. in a /* comment */, and it's 8-bit ASCII not even UTF-anything. 2. src/lib-mail/test-qp-encoder.c which defines binary data. I don't think any C compiler allows Unicode in the code itself (instructions, variables names, etc.) Cheers.
