Commit Graph

178 Commits

Author SHA1 Message Date
Tim Rühsen a6e4703318 Fix oss-fuzz issue #2600 (buffer overflow in libicu code)
Added a reproducer corpus and fixed the broken libicu code.
The buffer overflow could be triggered by psl_load(), psl_load_fp(),
psl_is_public_suffix(), psl_is_public_suffix2(), psl_unregistrable_domain(),
and psl_registrable_domain().
2017-07-13 15:40:58 +02:00
Tim Rühsen 926cc34ade Fix uninitialised value created by stack allocation
Using valgrind testing the fuzz corpora revealed a missing
check in _add_punycode_if_needed() which lead to a
"Uninitialised value was created by a stack allocation".

Thanks to OSS-fuzz for the corpora, thanks valgrind to find this
issue (asan and ubsan didn't find it).
2017-07-09 20:21:55 +02:00
Tim Rühsen 492c884d7d Fix memory overflow in LIBICU code of psl_str_to_utf8lower()
Immediately discovered with the new --enable-asan / --enable-ubsan
configure options, thanks to the fuzz corpora.
2017-06-20 16:30:29 +02:00
Tim Rühsen d686c1fff7 Fix memleak in _psl_is_public_suffix() (found by fuzzing) 2017-06-13 22:24:18 +02:00
Tim Rühsen e584007f42 * src/psl.c (psl_str_to_utf8lower): Fix docs 2017-06-12 17:00:53 +02:00
Tim Rühsen 045bf63031 Fix double free in psl_load_fp(), found by fuzzing 2017-06-09 22:53:19 +02:00
Tim Rühsen a33feb8ff4 Fix typos found by ka7/misspell_fixer 2017-04-19 11:46:27 +02:00
Tim Rühsen 448f6e4564 Fix order of files in psl_latest()
If 'dist_filename' and 'filename' are given and both have the same
age, we want 'dist_filename' (expected DAFSA) being loaded.
2017-02-21 12:18:29 +01:00
Tim Rühsen eda8276b5f Use NON-TRANSITIONAL toASCII() with libicu 2017-01-16 10:47:21 +01:00
Tim Rühsen 26d0856d0a Fix typo 2017-01-16 10:26:12 +01:00
Tim Rühsen 526768cc5d Use TR46 non-transitional with libidn2 >= 0.14
I changed my mind after talking with the cURL
maintainer Daniel Stenberg.
See https://github.com/curl/curl/pull/1207
2017-01-14 15:47:44 +01:00
Tim Rühsen 2c17d56234 Use TR46 transitional with libidn2 >= 0.14 2017-01-03 12:30:43 +01:00
Tim Rühsen ff29f13d8f Add functions psl_latest() and psl_dist_filename()
Also add a new ./configure function to set a distribution wide
PSL file used by psl_latest(): --with-psl-distfile
If possible that filename should point to a DAFSA PSL file that
becomes updated regularly.
2016-12-06 20:16:12 +01:00
Tim Rühsen deabd4a546 Replace psl2c by psl-make-dafsa
Removed --input-format from psl-make-dafsa.
Added --output-format=cxx+ to psl-make-dafsa.
Removed psl2c.
2016-12-06 15:22:18 +01:00
Tim Rühsen 6490b8214b Don't taint out variable on error in psl_str_to_utf8lower()
Fixes #71
2016-12-05 16:28:47 +01:00
Tim Rühsen b9e04d6958 Update copyright year 2016-12-05 15:03:27 +01:00
Tim Rühsen 2a3a743643 Fix typo Publix -> Public 2016-12-05 15:01:27 +01:00
Frederic Cambus 9f0b09e830 Missing includes for in6_addr / AF_INET*, fixes compilation on OpenBSD 2016-12-02 19:11:18 +01:00
Tim Rühsen 65e785e1ca Replace NFCK -> NFKC in the docs 2016-11-29 14:49:35 +01:00
Tim Rühsen 5d32b80077 Make API docs more detailed 2016-11-14 12:08:20 +01:00
Olle Liljenzin 3f276c7d1e Fix psl-make-dafsa to work with python3 2016-11-12 21:21:28 +01:00
Tim Rühsen 761d938d2a Fix name of Olle Liljenzin in src/psl-make-dafsa.1 2016-11-06 22:47:33 +01:00
Olle Liljenzin 3a4dff8805 Fixed documentation and error message to match the actual code. 2016-11-06 16:26:44 +01:00
Tim Rühsen 2c871b1306 Skip conversion in _psl_is_public_suffix() for builtin psl context 2016-11-06 11:59:36 +01:00
Tim Rühsen 44e6bd4eb8 src/psl2c.c: Also include UTF-8 into DAFSA output 2016-11-06 11:30:20 +01:00
Tim Rühsen 3211a66f00 Put punycode + UTF-8 rules into DAFSA in utf-8 mode 2016-11-06 11:30:20 +01:00
Tim Rühsen 3ac807d987 Add --encoding to psl-make-dafsa man page 2016-11-05 10:37:01 +01:00
Tim Rühsen 4b42762cbf Skip punycode conversion for _psl_is_public_suffix() if data contains UTF-8 rules 2016-11-05 10:37:01 +01:00
Olle Liljenzin 86034ac7c9 Added function to the parser for reading DAFSA encoding mode. 2016-11-05 10:37:01 +01:00
Olle Liljenzin 8c2bcd5a24 Added version info into generated DAFSA.
psl-make-dafsa got a mode switch so that the old version can be
generated for testing.
2016-11-05 10:01:54 +01:00
Olle Liljenzin e03953e27a Updated DAFSA generator and parser to support UTF-8 encoding 2016-11-05 10:01:54 +01:00
Tim Rühsen 598a78b2de Add better test code coverage 2016-09-26 15:15:34 +02:00
Tim Rühsen 5ebc24f0e0 Code cleanup in libidn2 branch of _psl_idna_toASCII()
Reported-by: https://github.com/daurnimator
2016-09-26 10:13:43 +02:00
Tim Rühsen 7eb8592035 Let u8_tolower() allocate the result buffer.
Reported-by: https://github.com/daurnimator
2016-09-25 19:44:33 +02:00
Tim Rühsen 32543dd5a5 Avoid unneeded memory allocactions in psl_str_to_utf8lower()
Reported-by: https://github.com/daurnimator
2016-09-25 12:49:56 +02:00
Tim Rühsen 1baaacccd5 Fix libidn/libidn2 code path of psl_str_to_utf8lower()
* fixing memory leaks
* proper handling of unterminated results of u8_tolower()
* second call to iconv() ensures flush of internal memory
* check more code paths of psl_str_to_utf8lower() via
  tests/test-registrable-domain.c
2016-09-23 12:35:08 +02:00
Tim Rühsen e2812e8c4c Check return value for strdup and strndup
Fixes #60
Reported-by: https://github.com/daurnimator
2016-09-22 15:53:31 +02:00
Tim Rühsen 351b3fb912 Remove redundant define of countof() 2016-09-22 11:37:23 +02:00
Tim Rühsen 9e1ca81be4 Remove memory allocations from _utf8_to_utf32()
Reported-by: https://github.com/daurnimator
2016-09-22 11:19:52 +02:00
Tim Rühsen 6cfb33e530 Amend API docs to be more precise about invalid input.
Fixes #59
Reported-by: https://github.com/daurnimator
2016-09-21 12:03:00 +02:00
Tim Rühsen 10f7b5fe7c Fallback to malloc from alloca for larger memory chunks
Fixes #58
Reported-by: https://github.com/daurnimator
2016-09-21 11:54:39 +02:00
Tim Rühsen 1ab7be5641 Check malloc/realloc results in src/psl.c
Fixes #57
Reported-by: https://github.com/daurnimator
2016-09-21 11:15:43 +02:00
Dagobert Michelsen 7983f86820 Use proper library path and libs for ICU 2016-09-17 14:46:06 +02:00
Tim Rühsen 126d2dca9c Package and install psl.1 and psl-make-dafsa.1
Fixes #53
Reported-by: https://github.com/yselkowitz
2016-09-17 14:46:00 +02:00
Jeremy Ehrhardt 003dec4203 Change src/psl-make-dafsa shebang so it'll run on OS X 2016-09-16 18:42:54 -07:00
Daniel Kahn Gillmor dc7bf5bbae rename src/make_dafsa.py to src/psl-make-dafsa, add documentation
I've talked to the good people on #debian-bootstrap who would be most
affected by the possible build-dep cycle, and i think the simplest
approach is actually to split out make_dafsa.py into its own
architecture-independent package.

I'm thinking i'll call the package psl-make-dafsa, and in the course of
shipping it, i'll place src/make_dafsa.py as /usr/bin/psl-make-dafsa.

This is because:

 * debian discourages scripts on the $PATH from having language-specific
   suffixes like .py:

    https://lintian.debian.org/tags/script-with-language-extension.html

 * "-" appears to be a more common delimiter in command names than "_":

    0 dkg@alice:~$ for x in - _; do printf "%s: %d " "$x" $(ls -1 ${PATH//:/ } | grep -c "$x"); done; echo
    -: 1235 _: 368
    0 dkg@alice:~$

 * i'd prefer to prefix the command with "psl-" since it really is
   producing and interpreting PSL-specific data structures.

Accepting this patch would mean i'd have fewer changes to make in the
debian packaging, and would allow other distributors to take a similar
approach if they want to.
2016-07-14 11:55:04 +02:00
Tim Rühsen 8dba092c73 Add magic header to DAFSA binary files 2016-07-13 11:14:18 +02:00
Tim Rühsen 852931571f Fixed invocation of make_dafsa.py in psl2c.c 2016-07-13 11:13:04 +02:00
Daniel Kahn Gillmor dc9cc02982 s/publix/public/ 2016-07-06 15:32:51 +02:00
Daniel Kahn Gillmor 248327e4aa use https where possible 2016-07-06 15:32:51 +02:00