[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU libidn branch, master, updated. libidn-1-31-8-geabba1b
|
From: |
Simon Josefsson |
|
Subject: |
[SCM] GNU libidn branch, master, updated. libidn-1-31-8-geabba1b |
|
Date: |
Sat, 01 Aug 2015 13:37:27 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU libidn".
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=eabba1bb23237730787deaa2260d24367b04f685
The branch, master has been updated
via eabba1bb23237730787deaa2260d24367b04f685 (commit)
via 1bac8c9cfd986cf02512ee524d2dad421da59dd6 (commit)
via 58c721ac2dc96bccd737f3f544f3a22a50477bbf (commit)
via c261018477f971d274dee305d27f8bff4afd4238 (commit)
via 7e6124206c78c03ab250fb270b8a0a2991a1a9bb (commit)
via 8b5743751292bcc8cd93ec2ab54720f8bfa21ec4 (commit)
via e93f6a7f8c65ff6f0861c7e3266ccbe9cb806edc (commit)
via b36b268b905c17997f5ef8b0cf8b4545e8ea4a88 (commit)
from 40c9ae4f4b7a8fab025c0833119d52b60d3cde6e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit eabba1bb23237730787deaa2260d24367b04f685
Author: Simon Josefsson <address@hidden>
Date: Sat Aug 1 15:18:53 2015 +0200
Version 1.32.
commit 1bac8c9cfd986cf02512ee524d2dad421da59dd6
Author: Simon Josefsson <address@hidden>
Date: Sat Aug 1 15:18:45 2015 +0200
Reorder AM_PROG_AR to silence autoreconf. Drop AC_PROG_LIBTOOL.
commit 58c721ac2dc96bccd737f3f544f3a22a50477bbf
Author: Simon Josefsson <address@hidden>
Date: Sat Aug 1 15:12:10 2015 +0200
libidn: Fix crash in idna_to_unicode_8z8z and idna_to_unicode_8zlz.
commit c261018477f971d274dee305d27f8bff4afd4238
Author: Simon Josefsson <address@hidden>
Date: Sat Aug 1 15:02:04 2015 +0200
Add regression check for malformed UTF-8 crash, reported by Adam Sampson.
commit 7e6124206c78c03ab250fb270b8a0a2991a1a9bb
Author: Simon Josefsson <address@hidden>
Date: Sat Aug 1 14:48:22 2015 +0200
Update gnulib files.
commit 8b5743751292bcc8cd93ec2ab54720f8bfa21ec4
Author: Simon Josefsson <address@hidden>
Date: Sat Aug 1 14:47:19 2015 +0200
Bump versions.
commit e93f6a7f8c65ff6f0861c7e3266ccbe9cb806edc
Author: Simon Josefsson <address@hidden>
Date: Sat Aug 1 14:44:16 2015 +0200
Update for 1.31.
commit b36b268b905c17997f5ef8b0cf8b4545e8ea4a88
Author: Simon Josefsson <address@hidden>
Date: Wed Jul 8 23:24:37 2015 +0200
Update for 1.30.
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 +
NEWS | 8 ++
THANKS | 1 +
configure.ac | 7 +-
doc/announce.txt | 130 ++++++++++++++++++------------
gl/m4/sys_time_h.m4 | 1 +
gl/m4/time_h.m4 | 1 +
gltests/Makefile.am | 2 +
gltests/time.in.h | 27 ++++++-
lib/idna.c | 10 ++-
lib/stringprep.h | 2 +-
tests/Makefile.am | 2 +-
tests/{tst_badutf8.c => tst_utf8crash.c} | 16 ++--
13 files changed, 136 insertions(+), 73 deletions(-)
copy tests/{tst_badutf8.c => tst_utf8crash.c} (75%)
diff --git a/.gitignore b/.gitignore
index 37c5729..a9bc58b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -638,6 +638,8 @@ tests/tst_tld
tests/tst_tld.o
tests/tst_toutf8
tests/tst_toutf8.o
+tests/tst_utf8crash
+tests/tst_utf8crash.o
tests/utils.o
windows/libidn-*-win??.zip
windows/libidn-*-win??.zip.sig
diff --git a/NEWS b/NEWS
index c25e2f6..39a6f71 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,13 @@ Libidn NEWS -- History of user-visible changes.
-*- outline -*-
Copyright (C) 2002-2015 Simon Josefsson
See the end for copying conditions.
+* Version 1.32 (released 2015-08-01) [beta]
+
+** libidn: Fix crash in idna_to_unicode_8z8z and idna_to_unicode_8zlz.
+This problem was introduced in 1.31. Reported by Adam Sampson.
+
+** API and ABI is backwards compatible with the previous version.
+
* Version 1.31 (released 2015-07-08) [beta]
** libidn: stringprep_utf8_to_ucs4 now rejects invalid UTF-8. CVE-2015-2059
@@ -46,6 +53,7 @@ before.
Thanks to Joe Hansen.
** API and ABI is backwards compatible with the previous version.
+See discussion above on slight change in semantics of functions.
* Version 1.30 (released 2015-03-02) [stable]
diff --git a/THANKS b/THANKS
index 4403488..41d5be2 100644
--- a/THANKS
+++ b/THANKS
@@ -108,6 +108,7 @@ Jeffrey Frey <address@hidden>
Thijs Alkemade <address@hidden>
Nikos Mavrogiannopoulos <address@hidden>
Gustavo Grieco <address@hidden>
+Adam Sampson <address@hidden>
----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
diff --git a/configure.ac b/configure.ac
index 79221f5..0d67b8a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -18,7 +18,7 @@ dnl You should have received a copy of the GNU General Public
License
dnl along with this program. If not, see <http://www.gnu.org/licenses/>.
AC_PREREQ(2.61)
-AC_INIT([GNU Libidn], [1.31], address@hidden)
+AC_INIT([GNU Libidn], [1.32], address@hidden)
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS(config.h)
@@ -30,7 +30,7 @@ AM_SILENT_RULES([yes])
# Interfaces added: AGE++
# Interfaces removed: AGE=0
AC_SUBST(LT_CURRENT, 17)
-AC_SUBST(LT_REVISION, 14)
+AC_SUBST(LT_REVISION, 15)
AC_SUBST(LT_AGE, 6)
AC_PROG_CC
@@ -41,9 +41,8 @@ lgl_EARLY
DLL_VERSION=`expr ${LT_CURRENT} - ${LT_AGE}`
AC_SUBST(DLL_VERSION)
-LT_INIT([win32-dll])
m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
-AC_PROG_LIBTOOL
+LT_INIT([win32-dll])
# Checks for programs.
AM_MISSING_PROG(PERL, perl, $missing_dir)
diff --git a/doc/announce.txt b/doc/announce.txt
index 4ae709e..f218913 100644
--- a/doc/announce.txt
+++ b/doc/announce.txt
@@ -1,5 +1,5 @@
To: address@hidden, address@hidden
-Subject: Libidn 1.29 released
+Subject: Libidn 1.31 released
<#part sign=pgpmime>
GNU Libidn is a fully documented implementation of the Stringprep,
Punycode and IDNA specifications. Libidn's purpose is to encode and
@@ -8,41 +8,70 @@ and Java libraries.
Noteworthy changes since the last release (from NEWS file):
-* Version 1.29 (released 2014-08-10) [stable]
-
-** libidn: Mark internal variable "g_utf8_skip" as static.
-Reported by Thomas Dineen <address@hidden>.
-
-** idn: Flush stdout to simplify for tools that buffer too heavily.
-Tiny patch from Hugh Daschbach <address@hidden>.
-
-** i18n: Added Brazilian Portuguese translation.
-Thanks to Rafael Ferreira.
-
-** Update gnulib files.
+* Version 1.31 (released 2015-07-08) [beta]
+
+** libidn: stringprep_utf8_to_ucs4 now rejects invalid UTF-8. CVE-2015-2059
+This function has always been documented to not validate that the
+input UTF-8 string is actually valid UTF-8. Like the rest of the API,
+when you call a function that works on UTF-8 data, you have to pass it
+valid UTF-8 data. Application writers appear to have difficulties
+using interfaces designed like that, as bugs triggered by invalid
+UTF-8 has been identified in a number of projects (jabberd2, gnutls,
+wget, and curl). While we could introduce a new API to perform UTF-8
+validation, so that applications can easily implement the proper
+checks, this appear error prone because there is a risk that the check
+will be forgotten. Instead, we took the more radical approach of
+modifying the documentation and the implementation of the API. The
+intention is that all functions that accepts UTF-8 data should
+validate it before use. This will solve the problem for applications,
+without needing to change them. This change has the unfortunate
+side-effect that Surrogate codes (see section 5.5 of RFC 3454) no
+longer trigger the STRINGPREP_CONTAINS_PROHIBITED error code but
+instead will trigger the newly introduced STRINGPREP_ICONV_ERROR error
+code, as the gnulib/libunistring-based code that we use to test
+UTF-8-compliance rejects Surrogate codes. We hope that this is an
+acceptable cost to live with in order to improve application security.
+We welcome feedback on this solution, and we are marking this release
+as beta rather than stable to signal that we may reconsider this
+approach if people disagree. Reported by several people including
+Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos
+Mavrogiannopoulos.
+
+** libidn: Added STRINGPREP_ICONV_ERROR error code.
+
+** libidn: Workaround valgrind/gcc/glibc issue.
+Valgrind reported a 'Invalid read of size 4' that was caused by
+optimized strlen implementation. Reported and patch by Alessandro
+Ghedini <address@hidden>.
+
+** build: Use LOG_COMPILER instead of TESTS_ENVIRONMENT to fix valgrind use.
+Errors caught by valgrind did not always trigger 'make check' failures
+before.
+
+** i18n: Updated Danish translation.
+Thanks to Joe Hansen.
** API and ABI is backwards compatible with the previous version.
The C library contains a generic Stringprep implementation. Profiles
-for Nameprep, iSCSI, SASL, XMPP and Kerberos V5 are included.
-Punycode and ASCII Compatible Encoding (ACE) via IDNA are supported.
-A mechanism to define Top-Level Domain (TLD) specific validation
-tables, and to compare strings against those tables, is included.
-Default tables for some TLDs are also included.
+for Nameprep, iSCSI, SASL, XMPP and Kerberos V5 are included. Punycode
+and ASCII Compatible Encoding (ACE) via IDNA are supported. A mechanism
+to define Top-Level Domain (TLD) specific validation tables, and to
+compare strings against those tables, is included. Default tables for
+some TLDs are also included.
The Stringprep API consists of two main functions, one for converting
data from the system's native representation into UTF-8, and one
-function to perform the Stringprep processing. Adding a new
-Stringprep profile for your application within the API is
-straightforward. The Punycode API consists of one encoding function
-and one decoding function. The IDNA API consists of the ToASCII and
-ToUnicode functions, as well as an high-level interface for converting
-entire domain names to and from the ACE encoded form. The TLD API
-consists of one set of functions to extract the TLD name from a domain
-string, one set of functions to locate the proper TLD table to use
-based on the TLD name, and core functions to validate a string against
-a TLD table, and some utility wrappers to perform all the steps in one
-call.
+function to perform the Stringprep processing. Adding a new Stringprep
+profile for your application within the API is straightforward. The
+Punycode API consists of one encoding function and one decoding
+function. The IDNA API consists of the ToASCII and ToUnicode functions,
+as well as an high-level interface for converting entire domain names to
+and from the ACE encoded form. The TLD API consists of one set of
+functions to extract the TLD name from a domain string, one set of
+functions to locate the proper TLD table to use based on the TLD name,
+and core functions to validate a string against a TLD table, and some
+utility wrappers to perform all the steps in one call.
Libidn is developed for the GNU/Linux system, but runs on over 20 Unix
platforms (including Solaris, IRIX, AIX, and Tru64) and Windows. The
@@ -50,13 +79,13 @@ library is written in C and (parts of) the API is also
accessible from
C++, Emacs Lisp, Python and Java. A native Java and C# port is
included.
-Also included is a command line tool, several self tests, code
-examples, and more.
+Also included is a command line tool, several self tests, code examples,
+and more.
Improving Libidn is costly, but you can help! We are looking for
-organizations that find Libidn useful and wish to contribute back.
-You can contribute by reporting bugs, improve the software, or donate
-money or equipment.
+organizations that find Libidn useful and wish to contribute back. You
+can contribute by reporting bugs, improve the software, or donate money
+or equipment.
Commercial support contracts for Libidn are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult AB, a
@@ -92,33 +121,33 @@ invited to join our help-libidn mailing list, see:
https://lists.gnu.org/mailman/listinfo/help-libidn
Here are the compressed sources (3.4MB):
- ftp://ftp.gnu.org/gnu/libidn/libidn-1.29.tar.gz
- http://ftp.gnu.org/gnu/libidn/libidn-1.29.tar.gz
+ ftp://ftp.gnu.org/gnu/libidn/libidn-1.31.tar.gz
+ http://ftp.gnu.org/gnu/libidn/libidn-1.31.tar.gz
Here are GPG detached signatures:
- ftp://ftp.gnu.org/gnu/libidn/libidn-1.29.tar.gz.sig
- http://ftp.gnu.org/gnu/libidn/libidn-1.29.tar.gz.sig
+ ftp://ftp.gnu.org/gnu/libidn/libidn-1.31.tar.gz.sig
+ http://ftp.gnu.org/gnu/libidn/libidn-1.31.tar.gz.sig
Here are the SHA-1 and SHA-224 signatures:
-e0959eec9a03fd8053379b0aeab447c546c05ab2 libidn-1.29.tar.gz
-fb82747dbbf9b36f703ed27293317d818d7e851d4f5773dedf3efa4db32a7c7c
libidn-1.29.tar.gz
+0bb34003a0fe05a91e60d346803401f16c82a1fb libidn-1.31.tar.gz
+70b14fa49c875b4bc9919e50c994968e34c965bbd20f8c9bef0d6431 libidn-1.31.tar.gz
We also provide Windows binaries built using MinGW-w64 with the build
script windows/libidn4win.mk, for 32-bit and 64-bit x86 architecures:
- ftp://ftp.gnu.org/gnu/libidn/libidn-1.29-win32.zip
- ftp://ftp.gnu.org/gnu/libidn/libidn-1.29-win32.zip.sig
- ftp://ftp.gnu.org/gnu/libidn/libidn-1.29-win64.zip
- ftp://ftp.gnu.org/gnu/libidn/libidn-1.29-win64.zip.sig
+ ftp://ftp.gnu.org/gnu/libidn/libidn-1.31-win32.zip
+ ftp://ftp.gnu.org/gnu/libidn/libidn-1.31-win32.zip.sig
+ ftp://ftp.gnu.org/gnu/libidn/libidn-1.31-win64.zip
+ ftp://ftp.gnu.org/gnu/libidn/libidn-1.31-win64.zip.sig
Here are the SHA-1 and SHA-224 signatures:
-ece31e774ad39bebcac407273e995ba6f3a11bca libidn-1.29-win32.zip
-2ef64330f8104a07dda246a2fd30860824decffa libidn-1.29-win64.zip
+be5e14202d82ae53c801f09aef604ec4fa4a36cb libidn-1.31-win32.zip
+160d03fa8acc139719ed8b4d788a2891563186287774300b5fa4af08 libidn-1.31-win32.zip
-4039d0b4a6c554020040f1672a301738d99a4af456b53a2efb56c9473c8d918d
libidn-1.29-win32.zip
-b8229a5efd496cae86c3f6ee354f9037dae90ddd99b19eafa997b24146ea6f73
libidn-1.29-win64.zip
+3f42b05753fceba465b0ec758455972088ea8777 libidn-1.31-win64.zip
+62b97a5bdcdfb5f514029f2b83c7bcb57248a420b4087f5a058bda86 libidn-1.31-win64.zip
The software is cryptographically signed by the author using an OpenPGP
key identified by the following information:
@@ -130,11 +159,6 @@ uid Simon Josefsson <address@hidden>
The key is available from:
http://josefsson.org/54265e8c.txt
-Previous versions were signed using my old OpenPGP key, if you trusted
-it you can use the following key transition document to gain trust in my
-new key:
- https://josefsson.org/key-transition-2014-06-22.txt
-
Code coverage, clang-analyzer output, and cyclomatic code complexity charts:
https://www.gnu.org/software/libidn/coverage/
https://www.gnu.org/software/libidn/clang-analyzer/
diff --git a/gl/m4/sys_time_h.m4 b/gl/m4/sys_time_h.m4
index 50133b9..28c8b1a 100644
--- a/gl/m4/sys_time_h.m4
+++ b/gl/m4/sys_time_h.m4
@@ -105,6 +105,7 @@ AC_DEFUN([gl_HEADER_SYS_TIME_H_DEFAULTS],
HAVE_GETTIMEOFDAY=1; AC_SUBST([HAVE_GETTIMEOFDAY])
HAVE_STRUCT_TIMEVAL=1; AC_SUBST([HAVE_STRUCT_TIMEVAL])
HAVE_SYS_TIME_H=1; AC_SUBST([HAVE_SYS_TIME_H])
+ HAVE_TIMEZONE_T=0; AC_SUBST([HAVE_TIMEZONE_T])
REPLACE_GETTIMEOFDAY=0; AC_SUBST([REPLACE_GETTIMEOFDAY])
REPLACE_STRUCT_TIMEVAL=0; AC_SUBST([REPLACE_STRUCT_TIMEVAL])
])
diff --git a/gl/m4/time_h.m4 b/gl/m4/time_h.m4
index d9c41a4..754b469 100644
--- a/gl/m4/time_h.m4
+++ b/gl/m4/time_h.m4
@@ -109,6 +109,7 @@ AC_DEFUN([gl_HEADER_TIME_H_DEFAULTS],
GNULIB_STRPTIME=0; AC_SUBST([GNULIB_STRPTIME])
GNULIB_TIMEGM=0; AC_SUBST([GNULIB_TIMEGM])
GNULIB_TIME_R=0; AC_SUBST([GNULIB_TIME_R])
+ GNULIB_TIME_RZ=0; AC_SUBST([GNULIB_TIME_RZ])
dnl Assume proper GNU behavior unless another module says otherwise.
HAVE_DECL_LOCALTIME_R=1; AC_SUBST([HAVE_DECL_LOCALTIME_R])
HAVE_NANOSLEEP=1; AC_SUBST([HAVE_NANOSLEEP])
diff --git a/gltests/Makefile.am b/gltests/Makefile.am
index f55c886..cea90f8 100644
--- a/gltests/Makefile.am
+++ b/gltests/Makefile.am
@@ -1024,10 +1024,12 @@ time.h: time.in.h $(top_builddir)/config.status
$(CXXDEFS_H) $(ARG_NONNULL_H) $(
-e 's/@''GNULIB_STRPTIME''@/$(GNULIB_STRPTIME)/g' \
-e 's/@''GNULIB_TIMEGM''@/$(GNULIB_TIMEGM)/g' \
-e 's/@''GNULIB_TIME_R''@/$(GNULIB_TIME_R)/g' \
+ -e 's/@''GNULIB_TIME_RZ''@/$(GNULIB_TIME_RZ)/g' \
-e 's|@''HAVE_DECL_LOCALTIME_R''@|$(HAVE_DECL_LOCALTIME_R)|g' \
-e 's|@''HAVE_NANOSLEEP''@|$(HAVE_NANOSLEEP)|g' \
-e 's|@''HAVE_STRPTIME''@|$(HAVE_STRPTIME)|g' \
-e 's|@''HAVE_TIMEGM''@|$(HAVE_TIMEGM)|g' \
+ -e 's|@''HAVE_TIMEZONE_T''@|$(HAVE_TIMEZONE_T)|g' \
-e 's|@''REPLACE_GMTIME''@|$(REPLACE_GMTIME)|g' \
-e 's|@''REPLACE_LOCALTIME''@|$(REPLACE_LOCALTIME)|g' \
-e 's|@''REPLACE_LOCALTIME_R''@|$(REPLACE_LOCALTIME_R)|g' \
diff --git a/gltests/time.in.h b/gltests/time.in.h
index 1a6b746..a90552c 100644
--- a/gltests/time.in.h
+++ b/gltests/time.in.h
@@ -22,11 +22,13 @@
/* Don't get in the way of glibc when it includes time.h merely to
declare a few standard symbols, rather than to declare all the
- symbols. Also, Solaris 8 <time.h> eventually includes itself
+ symbols. (However, skip this for MinGW as it treats __need_time_t
+ incompatibly.) Also, Solaris 8 <time.h> eventually includes itself
recursively; if that is happening, just include the system <time.h>
without adding our own declarations. */
-#if (defined __need_time_t || defined __need_clock_t \
- || defined __need_timespec \
+#if (((defined __need_time_t || defined __need_clock_t \
+ || defined __need_timespec) \
+ && !defined __MINGW32__) \
|| defined address@hidden@_TIME_H)
# @INCLUDE_NEXT@ @NEXT_TIME_H@
@@ -231,6 +233,25 @@ _GL_CXXALIAS_SYS (strptime, char *, (char const *restrict
__buf,
_GL_CXXALIASWARN (strptime);
# endif
+# if defined _GNU_SOURCE && @GNULIB_TIME_RZ@ && ! @HAVE_TIMEZONE_T@
+typedef struct tm_zone *timezone_t;
+_GL_FUNCDECL_SYS (tzalloc, timezone_t, (char const *__name));
+_GL_CXXALIAS_SYS (tzalloc, timezone_t, (char const *__name));
+_GL_FUNCDECL_SYS (tzfree, void, (timezone_t __tz));
+_GL_CXXALIAS_SYS (tzfree, void, (timezone_t __tz));
+_GL_FUNCDECL_SYS (localtime_rz, struct tm *,
+ (timezone_t __tz, time_t const *restrict __timer,
+ struct tm *restrict __result) _GL_ARG_NONNULL ((2, 3)));
+_GL_CXXALIAS_SYS (localtime_rz, struct tm *,
+ (timezone_t __tz, time_t const *restrict __timer,
+ struct tm *restrict __result));
+_GL_FUNCDECL_SYS (mktime_z, time_t,
+ (timezone_t __tz, struct tm *restrict __result)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_SYS (mktime_z, time_t,
+ (timezone_t __tz, struct tm *restrict __result));
+# endif
+
/* Convert TM to a time_t value, assuming UTC. */
# if @GNULIB_TIMEGM@
# if @REPLACE_TIMEGM@
diff --git a/lib/idna.c b/lib/idna.c
index 17774d0..5107d73 100644
--- a/lib/idna.c
+++ b/lib/idna.c
@@ -744,13 +744,16 @@ idna_to_unicode_8z8z (const char *input, char **output,
int flags)
int rc;
rc = idna_to_unicode_8z4z (input, &ucs4, flags);
+ if (rc != IDNA_SUCCESS)
+ return rc;
+
*output = stringprep_ucs4_to_utf8 (ucs4, -1, NULL, NULL);
free (ucs4);
if (!*output)
return IDNA_ICONV_ERROR;
- return rc;
+ return IDNA_SUCCESS;
}
/**
@@ -775,13 +778,16 @@ idna_to_unicode_8zlz (const char *input, char **output,
int flags)
int rc;
rc = idna_to_unicode_8z8z (input, &utf8, flags);
+ if (rc != IDNA_SUCCESS)
+ return rc;
+
*output = stringprep_utf8_to_locale (utf8);
free (utf8);
if (!*output)
return IDNA_ICONV_ERROR;
- return rc;
+ return IDNA_SUCCESS;
}
/**
diff --git a/lib/stringprep.h b/lib/stringprep.h
index 309d01e..d69faa7 100644
--- a/lib/stringprep.h
+++ b/lib/stringprep.h
@@ -51,7 +51,7 @@ extern "C"
{
# endif
-# define STRINGPREP_VERSION "1.31"
+# define STRINGPREP_VERSION "1.32"
/* Error codes. */
typedef enum
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 0f890fe..4415183 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -27,7 +27,7 @@ libutils_a_SOURCES = utils.h utils.c
ctests = tst_stringprep tst_punycode tst_idna tst_idna2 tst_idna3 \
tst_idna4 tst_nfkc tst_pr29 tst_strerror tst_toutf8 \
- tst_symbols tst_badutf8
+ tst_symbols tst_badutf8 tst_utf8crash
if TLD
ctests += tst_tld
endif
diff --git a/tests/tst_badutf8.c b/tests/tst_utf8crash.c
similarity index 75%
copy from tests/tst_badutf8.c
copy to tests/tst_utf8crash.c
index 2feb099..31b9203 100644
--- a/tests/tst_badutf8.c
+++ b/tests/tst_utf8crash.c
@@ -1,4 +1,4 @@
-/* tst_badutf8.c --- Self tests for malformed UTF-8 regressions.
+/* tst_utf8crash.c --- Self tests for malformed UTF-8 regressions.
* Copyright (C) 2015 Simon Josefsson
*
* This file is part of GNU Libidn.
@@ -32,19 +32,17 @@
#include "utils.h"
+/* Based on report from Adam Sampson:
+ https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html */
+
void
doit (void)
{
- char *badutf8 = strdup ("\x7e\x64\x61\x72\x10\x2f\x2f\xf9\x2b\x71"
- "\x60\x79\x7b\x2e\x63\x75\x2b\x61\x65\x72"
- "\x75\x65\x56\x66\x7f\x62\xc5\x76\xe5\x00");
- char *s = NULL;
+ const char input[] = "\200bad.com";
+ char *output;
int rc;
- rc = idna_to_ascii_8z (badutf8, &s, 0);
- free (badutf8);
+ rc = idna_to_unicode_8z8z(input, &output, 0);
if (rc != IDNA_ICONV_ERROR)
fail ("rc %d\n", rc);
-
- idn_free (s);
}
hooks/post-receive
--
GNU libidn
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU libidn branch, master, updated. libidn-1-31-8-geabba1b,
Simon Josefsson <=