[SCM] GNU libidn branch, master, updated. libidn-1-32-11-gd4c533a

[Simon Josefsson]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU libidn".

http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=d4c533a5d975bf49090d3cd40acd230b8f79dd32

The branch, master has been updated
       via  d4c533a5d975bf49090d3cd40acd230b8f79dd32 (commit)
       via  f20ce1128fb7f4d33297eee307dddaf0f92ac72d (commit)
       via  9a1a7e15d0706634971364493fbb06e77e74726c (commit)
       via  289810a9bac09a8eb78a3d50f0721985d49358a9 (commit)
      from  8b6b44f1bffbdae98d8791434bf5e77da74acbb4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d4c533a5d975bf49090d3cd40acd230b8f79dd32
Author: Simon Josefsson <address@hidden>
Date:   Thu Jan 14 13:58:21 2016 +0100

    Add.

commit f20ce1128fb7f4d33297eee307dddaf0f92ac72d
Author: Simon Josefsson <address@hidden>
Date:   Thu Jan 14 13:46:52 2016 +0100

    Fix out-of-bounds stack read.  Report and patch by Hanno Böck.

commit 9a1a7e15d0706634971364493fbb06e77e74726c
Author: Simon Josefsson <address@hidden>
Date:   Thu Jan 14 13:06:26 2016 +0100

    Add regression check for Hanno Böck's stack OOB issue.

commit 289810a9bac09a8eb78a3d50f0721985d49358a9
Author: Simon Josefsson <address@hidden>
Date:   Mon Aug 10 14:01:46 2015 +0200

    Ignore more.

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                                    |    6 +++++
 NEWS                                          |    4 +++
 lib/idna.c                                    |    4 ++-
 tests/Makefile.am                             |    2 +-
 tests/{tst_utf8crash.c => tst_toascii64oob.c} |   27 +++++++++++++++++-------
 5 files changed, 33 insertions(+), 10 deletions(-)
 copy tests/{tst_utf8crash.c => tst_toascii64oob.c} (58%)

diff --git a/.gitignore b/.gitignore
index e206a3c..ee53963 100644
--- a/.gitignore
+++ b/.gitignore
@@ -243,8 +243,12 @@ gltests/test-fwrite
 gltests/test-fwrite.o
 gltests/test-getcwd-lgpl
 gltests/test-getcwd-lgpl.o
+gltests/test-getdelim
+gltests/test-getdelim.o
 gltests/test-getdtablesize
 gltests/test-getdtablesize.o
+gltests/test-getline
+gltests/test-getline.o
 gltests/test-getopt
 gltests/test-getopt.o
 gltests/test-gettimeofday
@@ -637,6 +641,8 @@ tests/tst_symbols
 tests/tst_symbols.o
 tests/tst_tld
 tests/tst_tld.o
+tests/tst_toascii64oob
+tests/tst_toascii64oob.o
 tests/tst_toutf8
 tests/tst_toutf8.o
 tests/tst_utf8crash
diff --git a/NEWS b/NEWS
index ff7a34b..65b579a 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,10 @@ See the end for copying conditions.
 
 * Version 1.33 (unreleased) [beta]
 
+** libidn: Fix out-of-bounds stack read in idna_to_ascii_4i.
+See tests/tst_toascii64oob.c for regression check (and the comment in
+it how to use it).  Reported by Hanno Böck <address@hidden>.
+
 ** idn: Solve out-of-bounds-read by replacing fgets with getline.
 Reported by Hanno Böck <address@hidden>.
 
diff --git a/lib/idna.c b/lib/idna.c
index 5107d73..0ccd102 100644
--- a/lib/idna.c
+++ b/lib/idna.c
@@ -212,6 +212,8 @@ step3:
       }
     if (i < 64)
       out[i] = '\0';
+    else
+      return IDNA_INVALID_LENGTH;
     if (inasciirange)
       goto step8;
   }
@@ -266,7 +268,7 @@ step3:
 
 step8:
   free (src);
-  if (strlen (out) < 1 || strlen (out) > 63)
+  if (strlen (out) < 1)
     return IDNA_INVALID_LENGTH;
 
   return IDNA_SUCCESS;
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 5421ddd..9130c32 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -27,7 +27,7 @@ libutils_a_SOURCES = utils.h utils.c
 
 ctests = tst_stringprep tst_punycode tst_idna tst_idna2 tst_idna3      \
        tst_idna4 tst_nfkc tst_pr29 tst_strerror tst_toutf8             \
-       tst_symbols tst_badutf8 tst_utf8crash
+       tst_symbols tst_badutf8 tst_utf8crash tst_toascii64oob
 if TLD
 ctests += tst_tld
 endif
diff --git a/tests/tst_utf8crash.c b/tests/tst_toascii64oob.c
similarity index 58%
copy from tests/tst_utf8crash.c
copy to tests/tst_toascii64oob.c
index 31b9203..318168f 100644
--- a/tests/tst_utf8crash.c
+++ b/tests/tst_toascii64oob.c
@@ -1,5 +1,5 @@
-/* tst_utf8crash.c --- Self tests for malformed UTF-8 regressions.
- * Copyright (C) 2015 Simon Josefsson
+/* tst_toascii64oob.c --- Regression tests for stack OOB in idna_to_ascii().
+ * Copyright (C) 2002-2016 Simon Josefsson
  *
  * This file is part of GNU Libidn.
  *
@@ -32,17 +32,28 @@
 
 #include "utils.h"
 
-/* Based on report from Adam Sampson:
-   https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html */
+/* Reported by Hanno Böck in
+   https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html */
+
+/* This test requires you to build with CFLAGS="-fsanitize=address"
+   and disable valgrind since asan and valgrind conflict.  Thus
+   normally a bit uneffective, but may be useful to have around. */
 
 void
 doit (void)
 {
-  const char input[] = "\200bad.com";
+  const char *in = "00000000000000000000000000000000000000000000000000"
+    "00000000000000";
   char *output;
+  uint32_t *tmp;
   int rc;
 
-  rc = idna_to_unicode_8z8z(input, &output, 0);
-  if (rc != IDNA_ICONV_ERROR)
-    fail ("rc %d\n", rc);
+  tmp = stringprep_utf8_to_ucs4 (in, -1, NULL);
+  if (!tmp)
+    fail ("stringprep_utf8_to_ucs4 failed");
+
+  rc = idna_to_ascii_4z (tmp, &output, 0);
+  free (tmp);
+  if (rc != IDNA_INVALID_LENGTH)
+    fail ("idna_to_ascii_4z: %d", rc);
 }


hooks/post-receive
-- 
GNU libidn