Since commit deabd4a, psl2c has been replaced by psl-make-dafsa.
The builtin PSL data is always generated the same way, and the value of the builtin
configure option does not matter anymore.
The built-in data is now embedded by default (instead of the previous "auto"), unless
explicitly disabled by --disable-builtin/-Dbuiltin=false.
When not using an run-time runtime IDNA library (--disable-runtime/-Druntime=no), libpsl can
now include the built-in data without any build-time dependency.
Reported-by: oss-fuzz (issue 39424 and issue 39226)
The affected code would only be built into the library when
configured to build without any IDNA library.
This issue has been triggered after the previous commit increased
the size of label_buf.
It has been found by OSS-Fuzz (issue 39226).
The testcase is included into the unit tests.
Use WSAStringToAddressW() instead of inet_pton()
Undefine _WIN32_WINNT before (re)define it.
Fix if this macro is already declared somewhere.
Just add Winsock, no need to test anymore.
The number of characters must be used.
Use countof() macro instead
Improved fixes for Windows
Include the Windows/Winsock2 counterparts of the networking headers on
Windows and avoid including *NIX-specific headers on Windows.
Also remove the small bits of C99isms from the code.
Large inputs on psl_registrable_domain() and psl_unregistrable_domain()
suffer from a O(N^2) behavior. This change limits N to avoid excessive
CPU usage.
At the same time we limit the fuzz corpora size to 64k which is far more
then we expect any real life domain to be.
Reported-by: OSS-Fuzz
When writing a wrapper around LibPSL in a different language it is
important that libpsl provide functions to free any memory that it
allocates. Without this, it is impossible to correctly free the memory
allocated by psl_str_to_utf8lower() function since in other languages
one may not have access to the same free() call from libc.
Added a reproducer corpus and fixed the broken libicu code.
The buffer overflow could be triggered by psl_load(), psl_load_fp(),
psl_is_public_suffix(), psl_is_public_suffix2(), psl_unregistrable_domain(),
and psl_registrable_domain().
Using valgrind testing the fuzz corpora revealed a missing
check in _add_punycode_if_needed() which lead to a
"Uninitialised value was created by a stack allocation".
Thanks to OSS-fuzz for the corpora, thanks valgrind to find this
issue (asan and ubsan didn't find it).
Tim Rühsen
Cœur
Loïc Yhuel
Xavier Claessens
Jakub Adam
carlo-bramini
Chun-wei Fan
Claudio Saavedra
Darshit Shah