From 65e0517d21d112d54af416e6f378c628a8df335d Mon Sep 17 00:00:00 2001 From: Seonah Moon Date: Thu, 4 Feb 2021 11:22:46 +0900 Subject: libidn: stringprep_utf8_to_ucs4 now rejects invalid UTF-8. CVE-2015-2059 Backported link: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279 (Not apply test codes) Change-Id: If5874e9d7f9a18f8b4e0a9c4627e303635b8ca2e --- lib/gl/Makefile.in | 13 +++--- lib/gl/gnulib.mk | 8 ++++ lib/gl/m4/gnulib-cache.m4 | 1 + lib/gl/m4/gnulib-comp.m4 | 2 + lib/gl/unistr/u8-check.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 124 insertions(+), 5 deletions(-) create mode 100644 lib/gl/unistr/u8-check.c (limited to 'lib/gl') diff --git a/lib/gl/Makefile.in b/lib/gl/Makefile.in index 67c55eb..ddd6ddb 100644 --- a/lib/gl/Makefile.in +++ b/lib/gl/Makefile.in @@ -80,8 +80,9 @@ host_triplet = @host@ DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/gnulib.mk @GL_COND_LIBTOOL_TRUE@am__append_1 = $(LTLIBICONV) -@LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_TRUE@am__append_2 = unistr/u8-mbtoucr.c -@LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_TRUE@am__append_3 = unistr/u8-uctomb.c unistr/u8-uctomb-aux.c +@LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_TRUE@am__append_2 = unistr/u8-check.c +@LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_TRUE@am__append_3 = unistr/u8-mbtoucr.c +@LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_TRUE@am__append_4 = unistr/u8-uctomb.c unistr/u8-uctomb-aux.c subdir = lib/gl ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/lib/gl/m4/gnulib-comp.m4 \ @@ -168,11 +169,13 @@ am__libgnu_la_SOURCES_DIST = c-ctype.h c-ctype.c c-strcase.h \ c-strcasecmp.c c-strncasecmp.c gettext.h striconv.h striconv.c \ unistr/u8-mbtoucr.c unistr/u8-uctomb.c unistr/u8-uctomb-aux.c am__dirstamp = $(am__leading_dot)dirstamp -@LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_TRUE@am__objects_1 = unistr/u8-mbtoucr.lo -@LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_TRUE@am__objects_2 = unistr/u8-uctomb.lo \ +@LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_TRUE@am__objects_1 = \ +@LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_TRUE@ unistr/u8-check.lo +@LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_TRUE@am__objects_2 = unistr/u8-mbtoucr.lo +@LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_TRUE@am__objects_3 = unistr/u8-uctomb.lo \ @LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_TRUE@ unistr/u8-uctomb-aux.lo am_libgnu_la_OBJECTS = c-ctype.lo c-strcasecmp.lo c-strncasecmp.lo \ - striconv.lo $(am__objects_1) $(am__objects_2) + striconv.lo $(am__objects_1) $(am__objects_2) $(am__objects_3) libgnu_la_OBJECTS = $(am_libgnu_la_OBJECTS) AM_V_lt = $(am__v_lt_$(V)) am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY)) diff --git a/lib/gl/gnulib.mk b/lib/gl/gnulib.mk index 3722aac..da4333f 100644 --- a/lib/gl/gnulib.mk +++ b/lib/gl/gnulib.mk @@ -473,6 +473,14 @@ EXTRA_DIST += unistr.in.h ## end gnulib module unistr/base +## begin gnulib module unistr/u8-check + +if LIBUNISTRING_COMPILE_UNISTR_U8_CHECK +libgnu_la_SOURCES += unistr/u8-check.c +endif + +## end gnulib module unistr/u8-check + ## begin gnulib module unistr/u8-mbtoucr if LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR diff --git a/lib/gl/m4/gnulib-cache.m4 b/lib/gl/m4/gnulib-cache.m4 index 4b88a60..9f45b54 100644 --- a/lib/gl/m4/gnulib-cache.m4 +++ b/lib/gl/m4/gnulib-cache.m4 @@ -39,6 +39,7 @@ gl_MODULES([ stdint striconv strverscmp + unistr/u8-check ]) gl_AVOID([iconv-h-tests string-tests wchar-tests]) gl_SOURCE_BASE([lib/gl]) diff --git a/lib/gl/m4/gnulib-comp.m4 b/lib/gl/m4/gnulib-comp.m4 index 62cb1b2..c4832ac 100644 --- a/lib/gl/m4/gnulib-comp.m4 +++ b/lib/gl/m4/gnulib-comp.m4 @@ -168,6 +168,7 @@ if test $HAVE_STRVERSCMP = 0; then fi gl_STRING_MODULE_INDICATOR([strverscmp]) gl_LIBUNISTRING_LIBHEADER([0.9.2], [unistr.h]) +gl_LIBUNISTRING_MODULE([0.9], [unistr/u8-check]) gl_MODULE_INDICATOR([unistr/u8-mbtoucr]) gl_LIBUNISTRING_MODULE([0.9], [unistr/u8-mbtoucr]) gl_MODULE_INDICATOR([unistr/u8-uctomb]) @@ -393,6 +394,7 @@ AC_DEFUN([lgl_FILE_LIST], [ lib/string.in.h lib/strverscmp.c lib/unistr.in.h + lib/unistr/u8-check.c lib/unistr/u8-mbtoucr.c lib/unistr/u8-uctomb-aux.c lib/unistr/u8-uctomb.c diff --git a/lib/gl/unistr/u8-check.c b/lib/gl/unistr/u8-check.c new file mode 100644 index 0000000..0e87f11 --- /dev/null +++ b/lib/gl/unistr/u8-check.c @@ -0,0 +1,105 @@ +/* Check UTF-8 string. + Copyright (C) 2002, 2006-2007, 2009-2015 Free Software Foundation, Inc. + Written by Bruno Haible , 2002. + + This program is free software: you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published + by the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . */ + +#include + +/* Specification. */ +#include "unistr.h" + +const uint8_t * +u8_check (const uint8_t *s, size_t n) +{ + const uint8_t *s_end = s + n; + + while (s < s_end) + { + /* Keep in sync with unistr.h and u8-mbtouc-aux.c. */ + uint8_t c = *s; + + if (c < 0x80) + { + s++; + continue; + } + if (c >= 0xc2) + { + if (c < 0xe0) + { + if (s + 2 <= s_end + && (s[1] ^ 0x80) < 0x40) + { + s += 2; + continue; + } + } + else if (c < 0xf0) + { + if (s + 3 <= s_end + && (s[1] ^ 0x80) < 0x40 && (s[2] ^ 0x80) < 0x40 + && (c >= 0xe1 || s[1] >= 0xa0) + && (c != 0xed || s[1] < 0xa0)) + { + s += 3; + continue; + } + } + else if (c < 0xf8) + { + if (s + 4 <= s_end + && (s[1] ^ 0x80) < 0x40 && (s[2] ^ 0x80) < 0x40 + && (s[3] ^ 0x80) < 0x40 + && (c >= 0xf1 || s[1] >= 0x90) +#if 1 + && (c < 0xf4 || (c == 0xf4 && s[1] < 0x90)) +#endif + ) + { + s += 4; + continue; + } + } +#if 0 + else if (c < 0xfc) + { + if (s + 5 <= s_end + && (s[1] ^ 0x80) < 0x40 && (s[2] ^ 0x80) < 0x40 + && (s[3] ^ 0x80) < 0x40 && (s[4] ^ 0x80) < 0x40 + && (c >= 0xf9 || s[1] >= 0x88)) + { + s += 5; + continue; + } + } + else if (c < 0xfe) + { + if (s + 6 <= s_end + && (s[1] ^ 0x80) < 0x40 && (s[2] ^ 0x80) < 0x40 + && (s[3] ^ 0x80) < 0x40 && (s[4] ^ 0x80) < 0x40 + && (s[5] ^ 0x80) < 0x40 + && (c >= 0xfd || s[1] >= 0x84)) + { + s += 6; + continue; + } + } +#endif + } + /* invalid or incomplete multibyte character */ + return s; + } + return NULL; +} -- cgit v1.2.3