bug-inetutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Failure with libidn2 on OpenBSD.

From: Tim Rühsen
Subject: Re: Failure with libidn2 on OpenBSD.
Date: Sun, 5 Apr 2020 19:15:21 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 
Meant to say
"On newer versions we *DON'T* set it to allow certain normally
disallowed characters in domain names, like underscore."


On 05.04.20 19:13, Tim Rühsen wrote:
> Hi Mats,
> 
> On 05.04.20 17:28, Mats Erik Andersson wrote:
>> Hello there,
>>
>> since Simon Josefsson and Tim Rühsen are both involved in libidn2,
>> this bug is doubly relevant here.
> 
> The bug is more relevant because Simon and I are involved in libidn2 ?
> I don't understand - could could explain ?
> 
> I added address@hidden to get the experts in.
> 
>> The following call
>>
>>    host = "::1";
>>
>>    idna_to_ascii_lz(host, &newhost, 0);
>>
>> results in
>>
>>    newhost = "1"
>>
>> when executed on OpenBSD 6.3 with libidn2. This is clearly not intended. 
>> Right?
> 
> This is right, when the IDN2_USE_STD3_ASCII_RULES flag is set. That flag
> is set by default on older versions of libidn2.
> On newer versions we set it to allow certain normally disallowed
> characters in domain names, like underscore.
> 
> From the NEWS file:
> * Version 2.0.3 (released 2017-07-24) [beta]
> 
> ** %IDN2_USE_STD3_ASCII_RULES disabled by default.
>  Previously we were eliminating non-STD3 characters from domain strings
>  such as _443._tcp.example.com, or IPs 1.2.3.4/24 provided to libidn2
>  functions. That was an unexpected regression for applications switching
>  from libidn and thus it is no longer applied by default.
>  Use %IDN2_USE_STD3_ASCII_RULES to enable that behavior again.
> 
> 
>> In contrast, FreeBSD 11 with libidn and OpenIndiana with libidn2, both lead 
>> to
>>
>>    newhost = "::1"
> 
> That is a newer version of libidn2 then.
> 
>> which is to be expected of an IPv6 address. Similarly, the OpenBSD+libidn2
>> call transforms the legal "::ffff:127.0.0.1" for the corrupted 
>> "ffff127.0.0.1".
>>
>> Thus the compatibility call idna_to_ascii_lz() in libidn2 strips off every 
>> colon,
>> when executed on OpenBSD but not on OpenIndiana. Explanation? Resolution?
>> I get two failed tests with OpenBSD, but none with OpenIndiana!
> 
> The resolution is to update libidn2 to 2.3.0. Please check the NEWS file
> for fixed bugs and vulnerabilities.
> 
> Regards, Tim
>

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]