libuv/src
Ben Noordhuis b7466e31e4 idna: fix OOB read in punycode decoder
libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii()
function which is used to convert strings to ASCII. This is called by
the DNS resolution function and can lead to information disclosures or
crashes.

Reported by Eric Sesterhenn in collaboration with Cure53 and ExpressVPN.

Reported-By: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Fixes: https://github.com/libuv/libuv/issues/3147
PR-URL: https://github.com/libuv/libuv-private/pull/1
Refs: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
2021-07-02 14:07:07 -04:00
unix unix: implement cpu_relax() on ppc64 2021-06-18 23:47:24 -04:00
win Revert "win,fs: correct error code in uv_fs_read and uv_fs_write" 2021-06-21 16:03:22 -04:00
fs-poll.c unix,win: fix uv_fs_poll_stop() when active 2019-05-06 15:02:01 +02:00
heap-inl.h heap: fix heap_remove() 2014-05-23 20:04:42 +04:00
idna.c idna: fix OOB read in punycode decoder 2021-07-02 14:07:07 -04:00
idna.h unix,win: support IDNA 2008 in uv_getaddrinfo() 2018-10-30 20:50:23 +01:00
inet.c inet: fix inconsistent return value of inet_ntop6 2021-05-27 10:54:33 -04:00
queue.h unix: use QUEUE_MOVE when iterating over lists 2015-10-08 21:47:43 +02:00
random.c build,unix: add QNX support 2020-09-22 23:14:46 -04:00
strscpy.c nfci: address some style nits 2020-08-21 17:25:42 -04:00
strscpy.h nfci: address some style nits 2020-08-21 17:25:42 -04:00
threadpool.c cleanup,win: Remove _WIN32 guards on threadpool 2021-05-28 11:22:44 -04:00
timer.c unix,win: initialize timer timeout field 2020-11-18 14:27:56 -05:00
uv-common.c cleanup,win: Remove _WIN32 guards on threadpool 2021-05-28 11:22:44 -04:00
uv-common.h win,tcp: make uv_close work more like unix 2021-06-10 13:12:07 -04:00
uv-data-getter-setters.c nfci: address some style nits 2020-08-21 17:25:42 -04:00
version.c core: add UV_VERSION_HEX macro 2015-06-29 23:08:41 +02:00