File libidn-CVE-2016-6261.patch of Package libidn
From 9a1a7e15d0706634971364493fbb06e77e74726c Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Thu, 14 Jan 2016 12:06:26 +0000
Subject: Add regression check for Hanno Böck's stack OOB issue.

---
Index: libidn-1.28/tests/Makefile.am
===================================================================
--- libidn-1.28.orig/tests/Makefile.am
+++ libidn-1.28/tests/Makefile.am
@@ -27,7 +27,7 @@ libutils_a_SOURCES = utils.h utils.c
 ctests = tst_stringprep tst_punycode tst_idna tst_idna2 tst_idna3 \
 	tst_idna4 tst_nfkc tst_pr29 tst_strerror tst_toutf8 \
-	tst_symbols tst_badutf8 tst_utf8crash
+	tst_symbols tst_badutf8 tst_utf8crash tst_toascii64oob
 if TLD
 ctests += tst_tld
 endif
Index: libidn-1.28/tests/tst_toascii64oob.c
===================================================================
--- /dev/null
+++ libidn-1.28/tests/tst_toascii64oob.c
@@ -0,0 +1,59 @@
+/* tst_toascii64oob.c --- Regression tests for stack OOB in idna_to_ascii().
+ * Copyright (C) 2002-2016 Simon Josefsson
+ *
+ * This file is part of GNU Libidn.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+
+#include <idna.h>
+#include <idn-free.h>
+
+#include "utils.h"
+
+/* Reported by Hanno Böck in
+   https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html */
+
+/* This test requires you to build with CFLAGS="-fsanitize=address"
+   and disable valgrind since asan and valgrind conflict.  Thus
+   normally a bit uneffective, but may be useful to have around.  */
+
+void
+doit (void)
+{
+  const char *in = "00000000000000000000000000000000000000000000000000"
+    "00000000000000";
+  char *output;
+  uint32_t *tmp;
+  int rc;
+
+  tmp = stringprep_utf8_to_ucs4 (in, -1, NULL);
+  if (!tmp)
+    fail ("stringprep_utf8_to_ucs4 failed");
+
+  rc = idna_to_ascii_4z (tmp, &output, 0);
+  free (tmp);
+  if (rc != IDNA_INVALID_LENGTH)
+    fail ("idna_to_ascii_4z: %d", rc);
+}
Index: libidn-1.28/lib/idna.c
===================================================================
--- libidn-1.28.orig/lib/idna.c
+++ libidn-1.28/lib/idna.c
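Review bot: In doit(), `fail ("stringprep_utf8_to_ucs4 failed")` on the `!tmp` path is followed by `idna_to_ascii_4z (tmp, &output, 0)` with `tmp` still NULL; unless utils.h's `fail` terminates the process (not visible here, and libidn's test helper has historically only recorded the failure and returned), a conversion failure becomes a NULL dereference inside the library instead of a reported test failure, so `fail (...); return;` is the safer form, and the final `fail` branch would likewise leak `output` on an unexpected IDNA_SUCCESS unless it is released with `idn_free (output)`. The input is exactly 64 ASCII characters, the first length that must be rejected; a second case with a 63-character label asserting `IDNA_SUCCESS` would pin the other side of the boundary, which matters because the companion idna.c change drops the `strlen (out) > 63` check in step8 and an over-rejection there would otherwise go unnoticed. The header comment saying the test only bites under `-fsanitize=address` predates the `rc != IDNA_INVALID_LENGTH` assertion; with that check the test is effective in a normal build as well, so the comment could say so rather than calling itself "a bit uneffective".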
@@ -212,6 +212,11 @@ step3:
       }
     if (i < 64)
       out[i] = '\0';
+    else
+      {
+	free (src);
+	return IDNA_INVALID_LENGTH;
+      }
     if (inasciirange)
       goto step8;
   }
@@ -266,7 +271,7 @@ step3:
 step8:
   free (src);
-  if (strlen (out) < 1 || strlen (out) > 63)
+  if (strlen (out) < 1)
     return IDNA_INVALID_LENGTH;
   return IDNA_SUCCESS;
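Review bot: The early return added after `out[i] = '\0'` closes the unterminated-buffer case only if the copy loop that precedes this hunk (its closing `}` is the first context line) already bounds its own writes into the 64-byte `out[]`; if that loop stores `out[i] = src[i]` for every i, the overrun happens before this check runs, so confirm the loop guards the write as well as the terminator. The second hunk removes `strlen (out) > 63` from step8, which is correct only because every path reaching step8 now NUL-terminates `out` within its 64 bytes; that invariant is exactly what made the old check an out-of-bounds read, and it deserves a comment above the check such as `/* out[] is 64 bytes and is NUL-terminated within bounds on every path that reaches step8, so only the empty-label case remains to reject.  */`. The enclosing function begins before the first hunk and the step4–step7 code (including the punycode path into `out`) lies between the two hunks, so the termination guarantee on that path cannot be verified from here. The patch subject names only the regression test, although this file carries the actual CVE-2016-6261 fix; the header would be more useful if it said so.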