This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU libidn".
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=d4c533a5d975bf49090d3cd40acd230b8f79dd32 The branch, master has been updated via d4c533a5d975bf49090d3cd40acd230b8f79dd32 (commit) via f20ce1128fb7f4d33297eee307dddaf0f92ac72d (commit) via 9a1a7e15d0706634971364493fbb06e77e74726c (commit) via 289810a9bac09a8eb78a3d50f0721985d49358a9 (commit) from 8b6b44f1bffbdae98d8791434bf5e77da74acbb4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d4c533a5d975bf49090d3cd40acd230b8f79dd32 Author: Simon Josefsson <[email protected]> Date: Thu Jan 14 13:58:21 2016 +0100 Add. commit f20ce1128fb7f4d33297eee307dddaf0f92ac72d Author: Simon Josefsson <[email protected]> Date: Thu Jan 14 13:46:52 2016 +0100 Fix out-of-bounds stack read. Report and patch by Hanno Böck. commit 9a1a7e15d0706634971364493fbb06e77e74726c Author: Simon Josefsson <[email protected]> Date: Thu Jan 14 13:06:26 2016 +0100 Add regression check for Hanno Böck's stack OOB issue. commit 289810a9bac09a8eb78a3d50f0721985d49358a9 Author: Simon Josefsson <[email protected]> Date: Mon Aug 10 14:01:46 2015 +0200 Ignore more. ----------------------------------------------------------------------- Summary of changes: .gitignore | 6 +++++ NEWS | 4 +++ lib/idna.c | 4 ++- tests/Makefile.am | 2 +- tests/{tst_utf8crash.c => tst_toascii64oob.c} | 27 +++++++++++++++++------- 5 files changed, 33 insertions(+), 10 deletions(-) copy tests/{tst_utf8crash.c => tst_toascii64oob.c} (58%) diff --git a/.gitignore b/.gitignore index e206a3c..ee53963 100644 --- a/.gitignore +++ b/.gitignore 
@@ -243,8 +243,12 @@ gltests/test-fwrite gltests/test-fwrite.o gltests/test-getcwd-lgpl gltests/test-getcwd-lgpl.o +gltests/test-getdelim +gltests/test-getdelim.o gltests/test-getdtablesize gltests/test-getdtablesize.o +gltests/test-getline +gltests/test-getline.o gltests/test-getopt gltests/test-getopt.o gltests/test-gettimeofday @@ -637,6 +641,8 @@ tests/tst_symbols tests/tst_symbols.o tests/tst_tld tests/tst_tld.o +tests/tst_toascii64oob +tests/tst_toascii64oob.o tests/tst_toutf8 tests/tst_toutf8.o tests/tst_utf8crash diff --git a/NEWS b/NEWS index ff7a34b..65b579a 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,10 @@ See the end for copying conditions. * Version 1.33 (unreleased) [beta] +** libidn: Fix out-of-bounds stack read in idna_to_ascii_4i. +See tests/tst_toascii64oob.c for regression check (and the comment in +it how to use it). Reported by Hanno Böck <[email protected]>. + ** idn: Solve out-of-bounds-read by replacing fgets with getline. Reported by Hanno Böck <[email protected]>. diff --git a/lib/idna.c b/lib/idna.c index 5107d73..0ccd102 100644 --- a/lib/idna.c +++ b/lib/idna.c @@ -212,6 +212,8 @@ step3: } if (i < 64) out[i] = '\0'; + else + return IDNA_INVALID_LENGTH; if (inasciirange) goto step8; } @@ -266,7 +268,7 @@ step3: step8: free (src); - if (strlen (out) < 1 || strlen (out) > 63) + if (strlen (out) < 1) return IDNA_INVALID_LENGTH; return IDNA_SUCCESS; diff --git a/tests/Makefile.am b/tests/Makefile.am index 5421ddd..9130c32 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -27,7 +27,7 @@ libutils_a_SOURCES = utils.h utils.c ctests = tst_stringprep tst_punycode tst_idna tst_idna2 tst_idna3 \ tst_idna4 tst_nfkc tst_pr29 tst_strerror tst_toutf8 \ - tst_symbols tst_badutf8 tst_utf8crash + tst_symbols tst_badutf8 tst_utf8crash tst_toascii64oob if TLD ctests += tst_tld endif 
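Review bot: In the first lib/idna.c hunk the added `else return IDNA_INVALID_LENGTH;` exits without passing through `step8:`, which the second hunk shows is where `free (src);` happens, so a label of 64 or more code points appears to leak `src` on each call. The allocation of `src` lies outside both hunks, so confirm this against the full function; if `src` is always owned at this point, the branch should read `else { free (src); return IDNA_INVALID_LENGTH; }`. Label length comes from caller-supplied input, so a per-call leak on this path matters for long-running consumers of the library. Separately, dropping the `strlen (out) > 63` test at `step8:` now depends on every path into `step8:` having NUL-terminated `out` inside its buffer, which deserves a one-line comment there, e.g. `/* out is always terminated within 64 bytes here; see step 4 and step 7 */`.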
diff --git a/tests/tst_utf8crash.c b/tests/tst_toascii64oob.c similarity index 58% copy from tests/tst_utf8crash.c copy to tests/tst_toascii64oob.c index 31b9203..318168f 100644 --- a/tests/tst_utf8crash.c +++ b/tests/tst_toascii64oob.c @@ -1,5 +1,5 @@ -/* tst_utf8crash.c --- Self tests for malformed UTF-8 regressions. - * Copyright (C) 2015 Simon Josefsson +/* tst_toascii64oob.c --- Regression tests for stack OOB in idna_to_ascii(). + * Copyright (C) 2002-2016 Simon Josefsson * * This file is part of GNU Libidn. * @@ -32,17 +32,28 @@ #include "utils.h" -/* Based on report from Adam Sampson: - https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html */ +/* Reported by Hanno Böck in + https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html */ + +/* This test requires you to build with CFLAGS="-fsanitize=address" + and disable valgrind since asan and valgrind conflict. Thus + normally a bit uneffective, but may be useful to have around. */ void doit (void) { - const char input[] = "\200bad.com"; + const char *in = "00000000000000000000000000000000000000000000000000" + "00000000000000"; char *output; + uint32_t *tmp; int rc; - rc = idna_to_unicode_8z8z(input, &output, 0); - if (rc != IDNA_ICONV_ERROR) - fail ("rc %d\n", rc); + tmp = stringprep_utf8_to_ucs4 (in, -1, NULL); + if (!tmp) + fail ("stringprep_utf8_to_ucs4 failed"); + + rc = idna_to_ascii_4z (tmp, &output, 0); + free (tmp); + if (rc != IDNA_INVALID_LENGTH) + fail ("idna_to_ascii_4z: %d", rc); } hooks/post-receive -- GNU libidn
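Review bot: `doit` exercises only the rejected side of the length boundary, a 64-character ASCII label expecting `IDNA_INVALID_LENGTH`, and the comment in the hunk notes that the test needs an AddressSanitizer build to be effective. Adding a 63-character label that must return `IDNA_SUCCESS` (followed by `free (output);`) would pin the limit on both sides, so a later change to the `i < 64` check in lib/idna.c is caught in a plain build as well. Whether `fail` returns to its caller is not visible in this hunk; if it does, the `if (!tmp)` branch should end with `return;` so that `idna_to_ascii_4z (tmp, &output, 0)` is never reached with a null pointer.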
