Re: Failure with libidn2 on OpenBSD.
From: Tim Rühsen
Subject: Re: Failure with libidn2 on OpenBSD.
Date: Sun, 5 Apr 2020 19:15:21 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0

Meant to say
"On newer versions we *DON'T* set it to allow certain normally
disallowed characters in domain names, like underscore."
On 05.04.20 19:13, Tim Rühsen wrote:
> Hi Mats,
>
> On 05.04.20 17:28, Mats Erik Andersson wrote:
>> Hello there,
>>
>> since Simon Josefsson and Tim Rühsen are both involved in libidn2,
>> this bug is doubly relevant here.
>
> The bug is more relevant because Simon and I are involved in libidn2 ?
> I don't understand - could you explain?
>
> I added address@hidden to get the experts in.
>
>> The following call
>>
>> host = "::1";
>>
>> idna_to_ascii_lz(host, &newhost, 0);
>>
>> results in
>>
>> newhost = "1"
>>
>> when executed on OpenBSD 6.3 with libidn2. This is clearly not intended.
>> Right?
>
> This is right, when the IDN2_USE_STD3_ASCII_RULES flag is set. That flag
> is set by default on older versions of libidn2.
> On newer versions we set it to allow certain normally disallowed
> characters in domain names, like underscore.
>
> From the NEWS file:
> * Version 2.0.3 (released 2017-07-24) [beta]
>
> ** %IDN2_USE_STD3_ASCII_RULES disabled by default.
> Previously we were eliminating non-STD3 characters from domain strings
> such as _443._tcp.example.com, or IPs 1.2.3.4/24 provided to libidn2
> functions. That was an unexpected regression for applications switching
> from libidn and thus it is no longer applied by default.
> Use %IDN2_USE_STD3_ASCII_RULES to enable that behavior again.
>
>
>> In contrast, FreeBSD 11 with libidn and OpenIndiana with libidn2, both lead
>> to
>>
>> newhost = "::1"
>
> That is a newer version of libidn2 then.
>
>> which is to be expected of an IPv6 address. Similarly, the OpenBSD+libidn2
>> call transforms the legal "::ffff:127.0.0.1" for the corrupted
>> "ffff127.0.0.1".
>>
>> Thus the compatibility call idna_to_ascii_lz() in libidn2 strips off every
>> colon,
>> when executed on OpenBSD but not on OpenIndiana. Explanation? Resolution?
>> I get two failed tests with OpenBSD, but none with OpenIndiana!
>
> The resolution is to update libidn2 to 2.3.0. Please check the NEWS file
> for fixed bugs and vulnerabilities.
>
> Regards, Tim
>
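Added example, not part of the original message and not libidn2 code: a caller-side guard that detects IPv4/IPv6 literals with `inet_pton()` and hands them on unchanged, so a library that filters non-STD3 characters can never turn "::1" into "1". The names `is_ip_literal` and `host_to_ascii` are hypothetical, and `std3_strip_model` is a simplified stand-in for the old default filtering described in the NEWS entry, used here in place of the real `idna_to_ascii_lz()` call.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Returns 1 if host parses as an IPv4 or IPv6 literal, else 0. */
int is_ip_literal(const char *host)
{
    unsigned char buf[16]; /* large enough for an IPv6 address */
    return inet_pton(AF_INET, host, buf) == 1 ||
           inet_pton(AF_INET6, host, buf) == 1;
}

/* Simplified model (an assumption, not libidn2 code) of the old default:
 * ASCII characters other than letters, digits, '-' and '.' are dropped. */
void std3_strip_model(const char *in, char *out, size_t outlen)
{
    size_t j = 0;
    if (outlen == 0) return;
    for (; *in && j + 1 < outlen; in++) {
        unsigned char c = (unsigned char)*in;
        int keep = c >= 0x80 || c == '-' || c == '.' || (c >= '0' && c <= '9') ||
                   (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
        if (keep) out[j++] = (char)c;
    }
    out[j] = '\0';
}

/* Hypothetical wrapper: IP literals bypass the conversion step entirely.
 * Returns 0 if copied unchanged, 1 if converted, -1 if out is too small. */
int host_to_ascii(const char *host, char *out, size_t outlen)
{
    int literal = is_ip_literal(host);
    if (strlen(host) >= outlen) return -1;
    if (literal) strcpy(out, host);
    else std3_strip_model(host, out, outlen); /* real code: idna_to_ascii_lz() */
    return !literal;
}

int main(void)
{
    /* Constructed samples: the strings quoted in the thread. */
    const char *s[] = { "::1", "::ffff:127.0.0.1", "_443._tcp.example.com" };
    char out[64];
    for (int i = 0; i < 3; i++)
        if (host_to_ascii(s[i], out, sizeof out) >= 0)
            printf("%-22s -> %s\n", s[i], out);
    return 0;
}
```

`inet_pton()` does not accept scoped literals such as "fe80::1%eth0", so a caller that takes those needs to split off the zone identifier before the check.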