!20 回合社区bugfix补丁

From: @tong_1001 Reviewed-by: @znzjugod Signed-off-by: @znzjugod
fix overflow and Avoid 'NULL + 1'
2024-04-15 03:13:54 +00:00 · 2024-04-15 10:56:51 +08:00 · 2022-12-20 08:40:54 +00:00 · 2022-10-20 09:27:04 +00:00 · 2022-10-20 07:39:04 +00:00 · 2022-06-15 05:28:05 +00:00
5 changed files with 411 additions and 4 deletions
--- a/backport-Avoid-8bit-overflow-in-is_public_suffix.patch
+++ b/backport-Avoid-8bit-overflow-in-is_public_suffix.patch
@ -0,0 +1,29 @@
+From 55d0ae04dea0856311b05ea03567d65bf8b9e45d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Sun, 16 Jan 2022 12:51:33 +0100
+Subject: [PATCH] Avoid 8bit overflow in is_public_suffix()
+
+---
+ src/psl.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/psl.c b/src/psl.c
+index be95602..8e7a9e8 100644
+--- a/src/psl.c
+++ b/src/psl.c
+@@ -835,8 +835,11 @@ static int is_public_suffix(const psl_ctx_t *psl, const char *domain, int type)
+ 	suffix.nlabels = 1;
+ 
+ 	for (p = domain; *p; p++) {
+-		if (*p == '.')
+		if (*p == '.') {
+			if (suffix.nlabels == 255) // weird input, avoid 8bit overflow
+				return 0;
+ 			suffix.nlabels++;
+		}
+ 		else if (*((unsigned char *)p) >= 128)
+ 			need_conversion = 1; /* in case domain is non-ascii we need a toASCII conversion */
+ 	}
+-- 
+2.27.0
+
--- a/backport-Avoid-NULL-add-1-as-it-is-UB.patch
+++ b/backport-Avoid-NULL-add-1-as-it-is-UB.patch
@ -0,0 +1,37 @@
+From 21d2d5191160439544150c017216f751c2c392fd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Sun, 16 Jan 2022 12:55:51 +0100
+Subject: [PATCH] Avoid 'NULL + 1' as it is UB
+
+---
+ src/psl.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/psl.c b/src/psl.c
+index 8e7a9e8..f85a895 100644
+--- a/src/psl.c
+++ b/src/psl.c
+@@ -568,7 +568,7 @@ static int domain_to_punycode(const char *domain, char *out, size_t outsize)
+ 	punycode_uint input[256];
+ 	const char *label, *e;
+ 
+-	for (e = label = domain; e; label = e + 1) {
+	for (e = label = domain; e;) {
+ 		e = strchr(label, '.');
+ 		labellen = e ? (size_t) (e - label) : strlen(label);
+ 
+@@ -596,8 +596,10 @@ static int domain_to_punycode(const char *domain, char *out, size_t outsize)
+ 			outlen += labellen;
+ 		}
+ 
+-		if (e)
+		if (e) {
+			label = e + 1;
+ 			out[outlen++] = '.';
+		}
+ 		out[outlen] = 0;
+ 	}
+ 
+-- 
+2.27.0
+
--- a/backport-Fix-stack-buffer-overflow-WRITE-1-in-domain_to_punycode.patch
+++ b/backport-Fix-stack-buffer-overflow-WRITE-1-in-domain_to_punycode.patch
@ -0,0 +1,29 @@
+From 1023a9ad12d146608ba6326a3114f9b23b812124 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Sat, 15 Jan 2022 22:38:32 +0100
+Subject: [PATCH] Fix stack buffer overflow WRITE 1 in domain_to_punycode()
+
+Reported-by: oss-fuzz (issue 39424 and issue 39226)
+
+The affected code would only be built into the library when
+configured to build without any IDNA library.
+---
+ src/psl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/psl.c b/src/psl.c
+index eefde3c..be95602 100644
+--- a/src/psl.c
+++ b/src/psl.c
+@@ -590,7 +590,7 @@ static int domain_to_punycode(const char *domain, char *out, size_t outsize)
+ 			memcpy(out + outlen, "xn--", 4);
+ 			outlen += 4;
+ 
+-			labellen = outsize - outlen - 1; // -1 to leave space for the trailing \0
+			labellen = outsize - outlen - (e != NULL) - 1; // -1 to leave space for the trailing \0
+ 			if (punycode_encode(inputlen, input, &labellen, out + outlen))
+ 				return 1;
+ 			outlen += labellen;
+-- 
+2.27.0
+
--- a/backport-Fix-write-buffer-overflow-by-1-in-domain_to_punycode.patch
+++ b/backport-Fix-write-buffer-overflow-by-1-in-domain_to_punycode.patch
@ -0,0 +1,285 @@
+From b2625f93f2dcb28ea6c4b33d4cb7ff50a24f3c00 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Sun, 26 Sep 2021 18:01:59 +0200
+Subject: [PATCH] Fix write buffer overflow by 1 in domain_to_punycode()
+
+This issue has been triggered after the previous commit increased
+the size of label_buf.
+
+It has been found by OSS-Fuzz (issue 39226).
+The testcase is included into the unit tests.
+---
+ ...stcase-libpsl_load_fuzzer-5191070590304256 | 231 ++++++++++++++++++
+ src/psl.c                                     |   5 +-
+ 2 files changed, 232 insertions(+), 4 deletions(-)
+ create mode 100644 fuzz/libpsl_load_fuzzer.repro/clusterfuzz-testcase-libpsl_load_fuzzer-5191070590304256
+
+diff --git a/fuzz/libpsl_load_fuzzer.repro/clusterfuzz-testcase-libpsl_load_fuzzer-5191070590304256 b/fuzz/libpsl_load_fuzzer.repro/clusterfuzz-testcase-libpsl_load_fuzzer-5191070590304256
+new file mode 100644
+index 0000000..9d276c1
+--- /dev/null
+++ b/fuzz/libpsl_load_fuzzer.repro/clusterfuzz-testcase-libpsl_load_fuzzer-5191070590304256
+@@ -0,0 +1,231 @@
+^^Z^^^^^^^^^^^^^^^^^^^^rRRRINS===
+com
+а
+зٰ
+Ե<>
+Ը
+٪
+ϰ
+Ը
+ٰ
+Ը
+ٸ
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰԸ
+ٰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+<2B>ؿ
+Ԏ
+ж
+ۺ
+׺
+й
+ظ
+ѷ
+٫
+ϲ
+յ
+ڸϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰԸ
+٪
+<2B>
+ۺ
+׺
+й
+ظ
+ѷ
+٫
+ϲ
+յ7뭏
+ڸϰ
+<2B>ۺ
+׺
+й
+ظ
+ѷ٫
+ϲ
+յ
+ڸϰ888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
+Ը
+٪
+ϰ
+<2B>^^^^^^^^^^^^^^^^^^^<5E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>^^^^^^^^m^^^^N^<5E>
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰԸ
+٪
+ϰ
+ظ
+ѷ
+ٰ
+Ԟ
+ڸ
+һһ
+غ
+иظ
+ѷ
+ٰ
+Ե
+٪
+ϰԸ
+٪
+ϰ
+<2B>
+ڸ
+һ
+غ
+ҹ
+ظ
+ѷ
+ٰԸ
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪٫
+ϲ
+յ
+ڸϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰԸ
+٪
+<2B>
+ۺ
+׺
+<2B>
+ϰ
+Ը
+٪
+ϰԸ
+ٰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+<2B>ؿ
+Ԏ
+ж
+ۺ
+׺Mй
+ظ
+ѷ
+٫
+ϲ
+յ
+ڸϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰԸ
+٪
+<2B>
+ۺ
+׺
+й
+ظ
+ѷ
+٫
+ϲ
+յ
+ڸϰ
+<2B>ۺ
+׺
+й
+ظ
+ѷ
+٫
+ϲ
+յ
+ڸϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰ
+Ը
+٪
+ϰԸ
+٪
+<2B>^^a^^^N^^^<5E>
+ظ
+<2B>^^^^^^^<5E>^
+^^^<5E>
+\ No newline at end of file
+diff --git a/src/psl.c b/src/psl.c
+index f1691e0..eefde3c 100644
+--- a/src/psl.c
+++ b/src/psl.c
+@@ -571,13 +571,11 @@ static int domain_to_punycode(const char *domain, char *out, size_t outsize)
+ 	for (e = label = domain; e; label = e + 1) {
+ 		e = strchr(label, '.');
+ 		labellen = e ? (size_t) (e - label) : strlen(label);
+-		/* printf("s=%s inlen=%zd\n", label, labellen); */
+ 
+ 		if (mem_is_ascii(label, labellen)) {
+ 			if (outlen + labellen + (e != NULL) >= outsize)
+ 				return 1;
+ 
+-			/* printf("outlen=%zd labellen=%zd\n", outlen, labellen); */
+ 			memcpy(out + outlen, label, labellen);
+ 			outlen += labellen;
+ 		} else {
+@@ -592,8 +590,7 @@ static int domain_to_punycode(const char *domain, char *out, size_t outsize)
+ 			memcpy(out + outlen, "xn--", 4);
+ 			outlen += 4;
+ 
+-			labellen = outsize - outlen;
+-			/* printf("n=%zd space_left=%zd\n", n, labellen); */
+			labellen = outsize - outlen - 1; // -1 to leave space for the trailing \0
+ 			if (punycode_encode(inputlen, input, &labellen, out + outlen))
+ 				return 1;
+ 			outlen += labellen;
+-- 
+2.27.0
+
--- a/libpsl.spec
+++ b/libpsl.spec
@ -1,12 +1,17 @@
 Name:		libpsl
 Version:	0.21.1
-Release:        2
+Release:	7
 Summary:	C library to handle the Public Suffix List
 License:	MIT
 URL:		https://github.com/rockdaboot/libpsl
 Source0:	https://github.com/rockdaboot/libpsl/releases/download/%{version}/libpsl-%{version}.tar.gz

-BuildRequires:	gcc git gtk-doc glib2-devel libxslt python3-devel
+Patch6000:      backport-Fix-write-buffer-overflow-by-1-in-domain_to_punycode.patch
+Patch6001:      backport-Fix-stack-buffer-overflow-WRITE-1-in-domain_to_punycode.patch
+Patch6002:      backport-Avoid-8bit-overflow-in-is_public_suffix.patch
+Patch6003:      backport-Avoid-NULL-add-1-as-it-is-UB.patch
+
+BuildRequires:	gcc gtk-doc glib2-devel libxslt python3-devel chrpath
 BuildRequires:	libicu-devel libidn2-devel publicsuffix-list libunistring-devel 
 Requires:	publicsuffix-list
 Provides:       psl = %{version}-%{release}
@ -49,7 +54,7 @@ Requires:	man
 The %{name}-help package contains doc files for %{name}.

 %prep
-%autosetup -n %{name}-%{version} -p1 -S git
+%autosetup -n %{name}-%{version} -p1
 sed -i -e "1s|#!.*|#!%{__python3}|" src/psl-make-dafsa

 %build
@ -68,6 +73,12 @@ sed -i -e "1s|#!.*|#!%{__python3}|" src/psl-make-dafsa
 install -m0755 src/psl-make-dafsa %{buildroot}/%{_bindir}
 rm -f %{buildroot}/%{_libdir}/%{name}.la

+#remove rpath
+chrpath -d %{buildroot}/%{_bindir}/psl
+
+mkdir -p %{buildroot}/etc/ld.so.conf.d
+echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
+
 %check
 make check

@ -84,6 +95,7 @@ make check
 %{_libdir}/%{name}.so.*
 %{_bindir}/psl
 %{_bindir}/psl-make-dafsa
+%config(noreplace) /etc/ld.so.conf.d/*

 %files devel
 %{_includedir}/%{name}.h
@ -97,6 +109,21 @@ make check
 %{_datadir}/gtk-doc/html/%{name}

 %changelog
+* Mon Apr 15 2024 shixuantong <shixuantong1@huawei.com> - 0.21.1-7
+- Fix write buffer overflow by 1 in domain_to_punycode()
+- Fix stack buffer overflow WRITE 1 in domain_to_punycode()
+- Avoid 8bit overflow in is_public_suffix()
+- Avoid 'NULL + 1' as it is UB
+
+* Thu Oct 20 2022 gaoruoshu <gaoruoshu@huawei.com> - 0.21.1-5
+- reformat spec
+
+* Mon Sep 6 2021 panxiaohe <panxiaohe@huawei.com> - 0.21.1-4
+- remove rpath and runpath of exec files and libraries
+
+* Mon Jul 26 2021 panxiaohe <panxiaohe@huawei.com> - 0.21.1-3
+- Remove unnecessary BuildRequires:git
+
 * Tue Jul 20 2021 fuanan <fuanan3@huawei.com> - 0.21.1-2
 - Remove redundant gdb from BuildRequires

@ -112,7 +139,7 @@ make check
 - SUG: NA
 - DESC: docs: don't include the type hierarchy 

-* Wed Oct 10 2019 luhuaxin <luhuaxin@huawei.com> - 0.20.2-9
+* Wed Nov 06 2019 luhuaxin <luhuaxin@huawei.com> - 0.20.2-9
 - Type: enhancement
 - ID: NA
 - SUG: NA
Author	SHA1	Message	Date
openeuler-ci-bot	bda3dab49b	!20 回合社区bugfix补丁 From: @tong_1001 Reviewed-by: @znzjugod Signed-off-by: @znzjugod	2024-04-15 03:13:54 +00:00
shixuantong	10e27df36d	fix overflow and Avoid 'NULL + 1'	2024-04-15 10:56:51 +08:00
openeuler-ci-bot	27343f84f4	!12 【轻量级 PR】：fix bogus date in %changelog From: @leeffo Reviewed-by: @lvying6 Signed-off-by: @lvying6	2022-12-20 08:40:54 +00:00
openeuler-ci-bot	ee31b179f2	!16 [libpsl] reformat spec From: @gaoruoshu Reviewed-by: @xiezhipeng1 Signed-off-by: @xiezhipeng1	2022-10-20 09:27:04 +00:00
gaoruoshu	76a5252d99	[libpsl] reformat spec Signed-off-by: gaoruoshu <gaoruoshu@huawei.com>	2022-10-20 07:39:04 +00:00
loong-C	da4d9cb443	fix bogus date in %changelog ![输入图片说明](https://images.gitee.com/uploads/images/2022/0615/132653_b80e08d9_9884780.png "屏幕截图.png")	2022-06-15 05:28:05 +00:00
openeuler-ci-bot	15f4b98dd6	!8 remove rpath and runpath of exec files and libraries From: @panxh_purple Reviewed-by: @xiezhipeng1 Signed-off-by: @xiezhipeng1	2021-09-07 01:14:06 +00:00
panxiaohe	c3f80fc15d	remove rpath and runpath of exec files and libraries	2021-09-06 14:21:43 +08:00
openeuler-ci-bot	dfeb4d9173	!7 Remove unnecessary BuildRequires:git From: @panxh_purple Reviewed-by: @xiezhipeng1 Signed-off-by: @xiezhipeng1	2021-07-27 09:20:25 +00:00
panxiaohe	4827c6a434	Remove unnecessary BuildRequires:git	2021-07-26 20:19:49 +08:00