From 1023a9ad12d146608ba6326a3114f9b23b812124 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
|
|
Date: Sat, 15 Jan 2022 22:38:32 +0100
|
|
Subject: [PATCH] Fix stack buffer overflow WRITE 1 in domain_to_punycode()
|
|
|
|
Reported-by: oss-fuzz (issue 39424 and issue 39226)
|
|
|
|
The affected code would only be built into the library when
|
|
configured to build without any IDNA library.
|
|
---
|
|
src/psl.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/psl.c b/src/psl.c
|
|
index eefde3c..be95602 100644
|
|
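--- a/src/psl.c
+++ b/src/psl.c
@@ -590,7 +590,7 @@ static int domain_to_punycode(const char *domain, char *out, size_t outsize)
 memcpy(out + outlen, "xn--", 4);
 outlen += 4;
 
- labellen = outsize - outlen - 1; // -1 to leave space for the trailing \0
+ labellen = outsize - outlen - (e != NULL) - 1; // -1 to leave space for the trailing \0
 if (punycode_encode(inputlen, input, &labellen, out + outlen))
 return 1;
 outlen += labellen;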
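Review bot: The comment on the changed line still explains only the `- 1`, so the new `- (e != NULL)` term is unexplained arithmetic in the one expression that bounds the write into `out`. Something like `// reserve 1 byte for the '.' after this label (if any) and 1 for the trailing \0` would record the intent, presuming the separator is appended after the label outside this hunk. The subtraction is also unsigned (`outsize` is `size_t`), so if `outsize - outlen` could ever be smaller than 2, `labellen` would wrap to a huge capacity passed to `punycode_encode()`. The guard that would rule this out is not visible here, so confirm the earlier size check covers both reserved bytes, or return 1 explicitly before the subtraction. The body of `domain_to_punycode` starts and ends outside the hunk.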
--
|
|
2.27.0
|
|
|