Commit Graph

434 Commits

Author SHA1 Message Date
Tim Rühsen a6e4703318 Fix oss-fuzz issue #2600 (buffer overflow in libicu code)
Added a reproducer corpus and fixed the broken libicu code.
The buffer overflow could be triggered by psl_load(), psl_load_fp(),
psl_is_public_suffix(), psl_is_public_suffix2(), psl_unregistrable_domain(),
and psl_registrable_domain().
2017-07-13 15:40:58 +02:00
Tim Rühsen 3f03987897 Fix fuzz/ regression tester building 2017-07-13 15:39:46 +02:00
Tim Rühsen 631362d3d0 Fuzz all types of builds (idn2, idn, icu, none) 2017-07-12 15:37:35 +02:00
Tim Rühsen 2abce22058 Add UBSAN testing for Travis CI 2017-07-09 20:53:56 +02:00
Tim Rühsen 926cc34ade Fix uninitialised value created by stack allocation
Using valgrind testing the fuzz corpora revealed a missing
check in _add_punycode_if_needed() which lead to a
"Uninitialised value was created by a stack allocation".

Thanks to OSS-fuzz for the corpora, thanks valgrind to find this
issue (asan and ubsan didn't find it).
2017-07-09 20:21:55 +02:00
Tim Rühsen d583db99b8 Update oss-fuzz target for static linking 2017-07-08 18:02:52 +02:00
Tim Rühsen 467f035f0a Add one new corpus for libpsl_load_fuzzer 2017-07-08 12:11:50 +02:00
Tim Rühsen 90a1198939 Find static libidn2 via configure 2017-07-06 11:08:20 +02:00
Tim Rühsen 49c9fade7a Fix fuzz/run-clang.sh for CTRL-C 2017-07-02 21:23:10 +02:00
Tim Rühsen f2b9b2447a Remove C++ settings from fuzz/README.md 2017-07-02 21:11:43 +02:00
Tim Rühsen 5e562e6f3b Update fuzzer corpora and scripts 2017-06-30 19:55:55 +02:00
Tim Rühsen 61824edc3d Add oss-fuzz corpora downloader 2017-06-26 19:55:04 +02:00
Tim Rühsen 0cbb7089f6 Enable ASan for Travis CI testing 2017-06-20 21:08:35 +02:00
Tim Rühsen b858480f0d Add --enable-asan --enable-ubsan to contrib/check-hard 2017-06-20 16:44:41 +02:00
Tim Rühsen 492c884d7d Fix memory overflow in LIBICU code of psl_str_to_utf8lower()
Immediately discovered with the new --enable-asan / --enable-ubsan
configure options, thanks to the fuzz corpora.
2017-06-20 16:30:29 +02:00
Tim Rühsen 47734a6f1f Add --enable-asan and --enable-usan configure options 2017-06-20 16:27:18 +02:00
Tim Rühsen e20e6f369b Add clang's CFI instrumentation
Add --enable-cfi ./configure option to enable
LLVM/Clang's Control Flow Integrity for builds.

CFI aborts a program upon detecting certain forms of undefined behavior
that can potentially allow attackers to subvert the program’s control flow.
2017-06-19 17:14:29 +02:00
Tim Rühsen d417badedb New corpora for libpsl_load_fuzzer 2017-06-19 10:49:26 +02:00
Tim Rühsen 81737c9260 New OSS-Fuzz corpora for libpsl_load_dafsa_fuzzer 2017-06-19 10:44:20 +02:00
Tim Rühsen fa69455d07 Add fuzz/ stuff to .gitignore 2017-06-14 14:37:23 +02:00
Tim Rühsen f304dbe324 More fuzzer improvements 2017-06-14 12:48:58 +02:00
Tim Rühsen 43f460d4c5 New OSS-Fuzz corpora for libpsl_fuzzer 2017-06-14 11:40:56 +02:00
Tim Rühsen 44db84e6ec More corpora for libpsl_load_dafsa_fuzzer 2017-06-14 10:00:49 +02:00
Tim Rühsen 666c07b364 New fuzz/libpsl_load_fuzzer.c plus corpus directory 2017-06-14 09:49:07 +02:00
Tim Rühsen 6ca1304bd4 Fix libpsl_load_dafsa_fuzzer for libc6 < 2.22 2017-06-14 09:07:54 +02:00
Tim Rühsen d686c1fff7 Fix memleak in _psl_is_public_suffix() (found by fuzzing) 2017-06-13 22:24:18 +02:00
Tim Rühsen 812e887530 New fuzz corpora 2017-06-13 22:17:09 +02:00
Tim Rühsen 896a5e299a Enhance fuzzing 2017-06-13 22:16:14 +02:00
Tim Rühsen e8f083e867 Add function calls to fuzz/libpsl_fuzzer.c 2017-06-12 17:07:54 +02:00
Tim Rühsen 9da4e94c1a Update fuzz/README.md 2017-06-12 17:07:07 +02:00
Tim Rühsen e584007f42 * src/psl.c (psl_str_to_utf8lower): Fix docs 2017-06-12 17:00:53 +02:00
Tim Rühsen 045bf63031 Fix double free in psl_load_fp(), found by fuzzing 2017-06-09 22:53:19 +02:00
Tim Rühsen bce2e9acb0 fuzz/fuzzer.h: Add extern 'C' 2017-06-09 20:35:46 +02:00
Tim Rühsen f41c6aaf63 Add fuzzing architecture 2017-06-09 16:27:37 +02:00
Tim Rühsen fa2985a535 Update PSL submodule 2017-06-09 11:01:17 +02:00
Tim Rühsen a33feb8ff4 Fix typos found by ka7/misspell_fixer 2017-04-19 11:46:27 +02:00
Tim Rühsen d23cf2bf17 Update PSL submodule 2017-04-19 11:43:11 +02:00
Tim Rühsen 448f6e4564 Fix order of files in psl_latest()
If 'dist_filename' and 'filename' are given and both have the same
age, we want 'dist_filename' (expected DAFSA) being loaded.
2017-02-21 12:18:29 +01:00
Tim Rühsen 8fddb72033 Release v0.17.0 2017-01-16 12:57:25 +01:00
Tim Rühsen 2aa06e17c8 Update PSL submodule 2017-01-16 12:14:37 +01:00
Tim Rühsen eda8276b5f Use NON-TRANSITIONAL toASCII() with libicu 2017-01-16 10:47:21 +01:00
Tim Rühsen 26d0856d0a Fix typo 2017-01-16 10:26:12 +01:00
Tim Rühsen 526768cc5d Use TR46 non-transitional with libidn2 >= 0.14
I changed my mind after talking with the cURL
maintainer Daniel Stenberg.
See https://github.com/curl/curl/pull/1207
2017-01-14 15:47:44 +01:00
Tim Rühsen 71059c2c6d Work around https://github.com/eddyxu/cpp-coveralls/issues/108 2017-01-04 20:25:38 +01:00
Tim Rühsen 1a06a6c888 Add coveralls token to .travis_coveralls.sh 2017-01-04 17:19:05 +01:00
Tim Rühsen 31684dc7fd Add psl_latest() and psl_dist_filename() to tests 2017-01-04 17:10:57 +01:00
Tim Rühsen a3f6134a5e Amend .travis_coveralls.sh 2017-01-04 16:54:09 +01:00
Tim Rühsen 2c17d56234 Use TR46 transitional with libidn2 >= 0.14 2017-01-03 12:30:43 +01:00
Tim Rühsen 7d5f3a67af Release v0.16.1 2016-12-15 13:01:45 +01:00
Tim Rühsen d4ea513f27 Add --use-latest-psl to tools/psl, now default
Fixes #76
2016-12-15 12:51:35 +01:00