Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Rings:1-MinimalX
libidn
libidn-CVE-2016-6263.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libidn-CVE-2016-6263.patch of Package libidn
From 1fbee57ef3c72db2206dd87e4162108b2f425555 Mon Sep 17 00:00:00 2001 From: Simon Josefsson <simon@josefsson.org> Date: Thu, 14 Jan 2016 13:31:33 +0000 Subject: stringprep_utf8_nfkc_normalize: Reject invalid UTF8 instead of crashing. Also add regression self check. Reported by Hanno Böck. --- Index: libidn-1.28/lib/nfkc.c =================================================================== --- libidn-1.28.orig/lib/nfkc.c +++ libidn-1.28/lib/nfkc.c @@ -1086,6 +1086,16 @@ stringprep_ucs4_to_utf8 (const uint32_t char * stringprep_utf8_nfkc_normalize (const char *str, ssize_t len) { + size_t n; + + if (len < 0) + n = strlen (str); + else + n = len; + + if (u8_check ((const uint8_t *) str, n)) + return NULL; + return g_utf8_normalize (str, len, G_NORMALIZE_NFKC); } Index: libidn-1.28/tests/Makefile.am =================================================================== --- libidn-1.28.orig/tests/Makefile.am +++ libidn-1.28/tests/Makefile.am @@ -27,7 +27,8 @@ libutils_a_SOURCES = utils.h utils.c ctests = tst_stringprep tst_punycode tst_idna tst_idna2 tst_idna3 \ tst_idna4 tst_nfkc tst_pr29 tst_strerror tst_toutf8 \ - tst_symbols tst_badutf8 tst_utf8crash tst_toascii64oob + tst_symbols tst_badutf8 tst_utf8crash tst_toascii64oob \ + tst_badutf8nfkc if TLD ctests += tst_tld endif Index: libidn-1.28/tests/tst_badutf8nfkc.c =================================================================== --- /dev/null +++ libidn-1.28/tests/tst_badutf8nfkc.c @@ -0,0 +1,41 @@ +/* tst_badutf8nfkc.c --- Self tests for malformed UTF-8 NFKC input. + * Copyright (C) 2016 Simon Josefsson + * + * This file is part of GNU Libidn. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <string.h> +#include <stdlib.h> + +#include <stringprep.h> + +#include "utils.h" + +void +doit (void) +{ + char *badutf8 = strdup ("\xe4"); + char *s = NULL; + + s = stringprep_utf8_nfkc_normalize (badutf8, -1); + free (s); + free (badutf8); +}
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor