[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU libidn branch, master, updated. libidn-1-32-11-gd4c533a
From: |
Simon Josefsson |
Subject: |
[SCM] GNU libidn branch, master, updated. libidn-1-32-11-gd4c533a |
Date: |
Thu, 14 Jan 2016 12:59:01 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU libidn".
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=d4c533a5d975bf49090d3cd40acd230b8f79dd32
The branch, master has been updated
via d4c533a5d975bf49090d3cd40acd230b8f79dd32 (commit)
via f20ce1128fb7f4d33297eee307dddaf0f92ac72d (commit)
via 9a1a7e15d0706634971364493fbb06e77e74726c (commit)
via 289810a9bac09a8eb78a3d50f0721985d49358a9 (commit)
from 8b6b44f1bffbdae98d8791434bf5e77da74acbb4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d4c533a5d975bf49090d3cd40acd230b8f79dd32
Author: Simon Josefsson <address@hidden>
Date: Thu Jan 14 13:58:21 2016 +0100
Add.
commit f20ce1128fb7f4d33297eee307dddaf0f92ac72d
Author: Simon Josefsson <address@hidden>
Date: Thu Jan 14 13:46:52 2016 +0100
Fix out-of-bounds stack read. Report and patch by Hanno Böck.
commit 9a1a7e15d0706634971364493fbb06e77e74726c
Author: Simon Josefsson <address@hidden>
Date: Thu Jan 14 13:06:26 2016 +0100
Add regression check for Hanno Böck's stack OOB issue.
commit 289810a9bac09a8eb78a3d50f0721985d49358a9
Author: Simon Josefsson <address@hidden>
Date: Mon Aug 10 14:01:46 2015 +0200
Ignore more.
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 6 +++++
NEWS | 4 +++
lib/idna.c | 4 ++-
tests/Makefile.am | 2 +-
tests/{tst_utf8crash.c => tst_toascii64oob.c} | 27 +++++++++++++++++-------
5 files changed, 33 insertions(+), 10 deletions(-)
copy tests/{tst_utf8crash.c => tst_toascii64oob.c} (58%)
diff --git a/.gitignore b/.gitignore
index e206a3c..ee53963 100644
--- a/.gitignore
+++ b/.gitignore
@@ -243,8 +243,12 @@ gltests/test-fwrite
gltests/test-fwrite.o
gltests/test-getcwd-lgpl
gltests/test-getcwd-lgpl.o
+gltests/test-getdelim
+gltests/test-getdelim.o
gltests/test-getdtablesize
gltests/test-getdtablesize.o
+gltests/test-getline
+gltests/test-getline.o
gltests/test-getopt
gltests/test-getopt.o
gltests/test-gettimeofday
@@ -637,6 +641,8 @@ tests/tst_symbols
tests/tst_symbols.o
tests/tst_tld
tests/tst_tld.o
+tests/tst_toascii64oob
+tests/tst_toascii64oob.o
tests/tst_toutf8
tests/tst_toutf8.o
tests/tst_utf8crash
diff --git a/NEWS b/NEWS
index ff7a34b..65b579a 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,10 @@ See the end for copying conditions.
* Version 1.33 (unreleased) [beta]
+** libidn: Fix out-of-bounds stack read in idna_to_ascii_4i.
+See tests/tst_toascii64oob.c for regression check (and the comment in
+it how to use it). Reported by Hanno Böck <address@hidden>.
+
** idn: Solve out-of-bounds-read by replacing fgets with getline.
Reported by Hanno Böck <address@hidden>.
diff --git a/lib/idna.c b/lib/idna.c
index 5107d73..0ccd102 100644
--- a/lib/idna.c
+++ b/lib/idna.c
@@ -212,6 +212,8 @@ step3:
}
if (i < 64)
out[i] = '\0';
+ else
+ return IDNA_INVALID_LENGTH;
if (inasciirange)
goto step8;
}
@@ -266,7 +268,7 @@ step3:
step8:
free (src);
- if (strlen (out) < 1 || strlen (out) > 63)
+ if (strlen (out) < 1)
return IDNA_INVALID_LENGTH;
return IDNA_SUCCESS;
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 5421ddd..9130c32 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -27,7 +27,7 @@ libutils_a_SOURCES = utils.h utils.c
ctests = tst_stringprep tst_punycode tst_idna tst_idna2 tst_idna3 \
tst_idna4 tst_nfkc tst_pr29 tst_strerror tst_toutf8 \
- tst_symbols tst_badutf8 tst_utf8crash
+ tst_symbols tst_badutf8 tst_utf8crash tst_toascii64oob
if TLD
ctests += tst_tld
endif
diff --git a/tests/tst_utf8crash.c b/tests/tst_toascii64oob.c
similarity index 58%
copy from tests/tst_utf8crash.c
copy to tests/tst_toascii64oob.c
index 31b9203..318168f 100644
--- a/tests/tst_utf8crash.c
+++ b/tests/tst_toascii64oob.c
@@ -1,5 +1,5 @@
-/* tst_utf8crash.c --- Self tests for malformed UTF-8 regressions.
- * Copyright (C) 2015 Simon Josefsson
+/* tst_toascii64oob.c --- Regression tests for stack OOB in idna_to_ascii().
+ * Copyright (C) 2002-2016 Simon Josefsson
*
* This file is part of GNU Libidn.
*
@@ -32,17 +32,28 @@
#include "utils.h"
-/* Based on report from Adam Sampson:
- https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html */
+/* Reported by Hanno Böck in
+ https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html */
+
+/* This test requires you to build with CFLAGS="-fsanitize=address"
+ and disable valgrind since asan and valgrind conflict. Thus
+ normally a bit uneffective, but may be useful to have around. */
void
doit (void)
{
- const char input[] = "\200bad.com";
+ const char *in = "00000000000000000000000000000000000000000000000000"
+ "00000000000000";
char *output;
+ uint32_t *tmp;
int rc;
- rc = idna_to_unicode_8z8z(input, &output, 0);
- if (rc != IDNA_ICONV_ERROR)
- fail ("rc %d\n", rc);
+ tmp = stringprep_utf8_to_ucs4 (in, -1, NULL);
+ if (!tmp)
+ fail ("stringprep_utf8_to_ucs4 failed");
+
+ rc = idna_to_ascii_4z (tmp, &output, 0);
+ free (tmp);
+ if (rc != IDNA_INVALID_LENGTH)
+ fail ("idna_to_ascii_4z: %d", rc);
}
hooks/post-receive
--
GNU libidn
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU libidn branch, master, updated. libidn-1-32-11-gd4c533a,
Simon Josefsson <=