Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Staging:A
libidn
libidn-CVE-2015-2059-2.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libidn-CVE-2015-2059-2.patch of Package libidn
From 58c721ac2dc96bccd737f3f544f3a22a50477bbf Mon Sep 17 00:00:00 2001 From: Simon Josefsson <simon@josefsson.org> Date: Sat, 01 Aug 2015 13:12:10 +0000 Subject: libidn: Fix crash in idna_to_unicode_8z8z and idna_to_unicode_8zlz. --- --- a/lib/idna.c +++ b/lib/idna.c @@ -746,13 +746,16 @@ int rc; rc = idna_to_unicode_8z4z (input, &ucs4, flags); + if (rc != IDNA_SUCCESS) + return rc; + *output = stringprep_ucs4_to_utf8 (ucs4, -1, NULL, NULL); free (ucs4); if (!*output) return IDNA_ICONV_ERROR; - return rc; + return IDNA_SUCCESS; } /** @@ -777,13 +780,16 @@ int rc; rc = idna_to_unicode_8z8z (input, &utf8, flags); + if (rc != IDNA_SUCCESS) + return rc; + *output = stringprep_utf8_to_locale (utf8); free (utf8); if (!*output) return IDNA_ICONV_ERROR; - return rc; + return IDNA_SUCCESS; } /** --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -27,7 +27,7 @@ ctests = tst_stringprep tst_punycode tst_idna tst_idna2 tst_idna3 \ tst_idna4 tst_nfkc tst_pr29 tst_strerror tst_toutf8 \ - tst_symbols tst_badutf8 + tst_symbols tst_badutf8 tst_utf8crash if TLD ctests += tst_tld endif --- /dev/null +++ b/tests/tst_utf8crash.c @@ -0,0 +1,48 @@ +/* tst_utf8crash.c --- Self tests for malformed UTF-8 regressions. + * Copyright (C) 2015 Simon Josefsson + * + * This file is part of GNU Libidn. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> + +#include <idna.h> +#include <idn-free.h> + +#include "utils.h" + +/* Based on report from Adam Sampson: + https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html */ + +void +doit (void) +{ + const char input[] = "\200bad.com"; + char *output; + int rc; + + rc = idna_to_unicode_8z8z(input, &output, 0); + if (rc != IDNA_ICONV_ERROR) + fail ("rc %d\n", rc); +}
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor