luo980/libuv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,298 Commits 13 Branches 240 Tags 29 MiB
26c09a7ceb
Commit Graph

9 Commits

Author SHA1 Message Date
Santiago Gimeno
26c09a7ceb
test: empty strings are not valid IDNA 2024-02-07 20:27:58 +01:00
Ben Noordhuis
927b2c6719
fix: reject zero-length idna inputs 2024-02-07 12:30:16 +01:00
Ben Noordhuis
fd08591bf9
fix: always zero-terminate idna output 2024-02-07 12:30:16 +01:00
Jameson Nash
f388908593
misc: export WTF8 conversion utilities (#4021) 
As promised in #2970, this attempts to migrate code to a common set of
utilities in a common place in the code and use them everywhere. This
also exports the functionality, since the Windows API with
WideCharToMultiByte is fairly verbose relative to what libuv and
libuv's clients typically need, so it is useful not to require clients
to reimplement this conversion logic unnecessarily (and because Windows
is not 64-bit ready here, but this implementation is.)
 2023-10-28 21:04:57 -04:00
Pleuvens
d8669609d8
test: switch from ASSERT_* to ASSERT_PTR_* (#4163) 
Also introduce a new ASSERT_PTR_LT macro.
 2023-10-12 20:47:44 +02:00
Pleuvens
011a1ac1a3
test: switch to new-style ASSERT_EQ macros (#4159) 
Switch from old-style ASSERT macro to new-style ASSERT_EQ,... macros.

Using new-style macros makes it easier to debug test failures

Fixes: https://github.com/libuv/libuv/issues/2974
 2023-10-06 19:50:15 +02:00
panran
a4ba1bd73e
test: fix some warnings when compiling tests (#3816) 
```
warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
note: in expansion of macro 'ASSERT_BASE'
#define ASSERT_EQ(a, b) ASSERT_BASE(a, ==, b, int64_t, PRId64)

warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but
argument 3 has type ‘uint32_t’ {aka ‘unsigned int’}
```

Co-authored-by: Jameson Nash <vtjnash@gmail.com>
 2023-01-19 10:48:13 -06:00
Ben Noordhuis
b7466e31e4 idna: fix OOB read in punycode decoder 
libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii()
function which is used to convert strings to ASCII. This is called by
the DNS resolution function and can lead to information disclosures or
crashes.

Reported by Eric Sesterhenn in collaboration with Cure53 and ExpressVPN.

Reported-By: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Fixes: https://github.com/libuv/libuv/issues/3147
PR-URL: https://github.com/libuv/libuv-private/pull/1
Refs: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
 2021-07-02 14:07:07 -04:00
Ben Noordhuis
6dd44caa35 unix,win: support IDNA 2008 in uv_getaddrinfo() 
Encode domain names before passing them on to the libc resolver.
Some getaddrinfo() implementations support IDNA 2008, some only
IDNA 2003 and some don't support i18n domain names at all.

This is a potential security issue because it means a domain name
might resolve differently depending on the system that libuv is
running on.

Fixes: https://github.com/libuv/libuv/issues/2028
PR-URL: https://github.com/libuv/libuv/pull/2046
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
 2018-10-30 20:50:23 +01:00