packages/libuv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libuv/backport-0002-CVE-2024-24806.patch
shixuantong 64e8f8c28f fix CVE-2024-24806
2024-02-05 04:55:17 +08:00

41 lines
1.0 KiB
Diff
Raw Blame History

From 3530bcc30350d4a6ccf35d2f7b33e23292b9de70 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Thu, 18 Jan 2024 14:52:38 +0100
Subject: [PATCH] fix: reject zero-length idna inputs
Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
---
src/idna.c | 3 +++
test/test-idna.c | 1 +
2 files changed, 4 insertions(+)
diff --git a/src/idna.c b/src/idna.c
index 645165c..abbfe87 100644
--- a/src/idna.c
+++ b/src/idna.c
@@ -273,6 +273,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
char* ds;
int rc;
+ if (s == se)
+ return UV_EINVAL;
+
ds = d;
si = s;
diff --git a/test/test-idna.c b/test/test-idna.c
index d079be5..d59b521 100644
--- a/test/test-idna.c
+++ b/test/test-idna.c
@@ -114,6 +114,7 @@ TEST_IMPL(utf8_decode1_overrun) {
ASSERT_EQ(p, b + 1);
b[0] = 0x7F;
+ ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 0, c, c + 1));
ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
return 0;
--
2.41.0
Reference in New Issue View Git Blame Copy Permalink