File libidn-CVE-2015-2059-2.patch of Package libidn

Overview Repositories Revisions Requests Users Attributes Meta

File libidn-CVE-2015-2059-2.patch of Package libidn (Revision ba18562ac97048a6ff7d162095b6f9b0)

Currently displaying revision ba18562ac97048a6ff7d162095b6f9b0 , Show latest

From 58c721ac2dc96bccd737f3f544f3a22a50477bbf Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Sat, 01 Aug 2015 13:12:10 +0000
Subject: libidn: Fix crash in idna_to_unicode_8z8z and idna_to_unicode_8zlz.

---
--- a/lib/idna.c
+++ b/lib/idna.c
@@ -746,13 +746,16 @@
   int rc;
 
   rc = idna_to_unicode_8z4z (input, &ucs4, flags);
+  if (rc != IDNA_SUCCESS)
+    return rc;
+
   *output = stringprep_ucs4_to_utf8 (ucs4, -1, NULL, NULL);
   free (ucs4);
 
   if (!*output)
     return IDNA_ICONV_ERROR;
 
-  return rc;
+  return IDNA_SUCCESS;
 }
 
 /**
@@ -777,13 +780,16 @@
   int rc;
 
   rc = idna_to_unicode_8z8z (input, &utf8, flags);
+  if (rc != IDNA_SUCCESS)
+    return rc;
+
   *output = stringprep_utf8_to_locale (utf8);
   free (utf8);
 
   if (!*output)
     return IDNA_ICONV_ERROR;
 
-  return rc;
+  return IDNA_SUCCESS;
 }
 
 /**
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -27,7 +27,7 @@
 
 ctests = tst_stringprep tst_punycode tst_idna tst_idna2 tst_idna3	\
 	tst_idna4 tst_nfkc tst_pr29 tst_strerror tst_toutf8		\
-	tst_symbols tst_badutf8
+	tst_symbols tst_badutf8 tst_utf8crash
 if TLD
 ctests += tst_tld
 endif
--- /dev/null
+++ b/tests/tst_utf8crash.c
@@ -0,0 +1,48 @@
+/* tst_utf8crash.c --- Self tests for malformed UTF-8 regressions.
+ * Copyright (C) 2015 Simon Josefsson
+ *
+ * This file is part of GNU Libidn.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+
+#include <idna.h>
+#include <idn-free.h>
+
+#include "utils.h"
+
+/* Based on report from Adam Sampson:
+   https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html */
+
+void
+doit (void)
+{
+  const char input[] = "\200bad.com";
+  char *output;
+  int rc;
+
+  rc = idna_to_unicode_8z8z(input, &output, 0);
+  if (rc != IDNA_ICONV_ERROR)
+    fail ("rc %d\n", rc);
+}

Places

File libidn-CVE-2015-2059-2.patch of Package libidn (Revision ba18562ac97048a6ff7d162095b6f9b0)

Places