We now check for whether the build is done on Windows, so that:
-We link to -lws2_32, which is necessary for the networking functions
on Windows.
-We default to using libicu on Windows for the runtime and builtins,
as the code using libidn and libidn2 use stuff from langinfo.h, which
is not available on Windows.
-We do not build and run the tests under fuzz/ as Windows does not have
fmemopen().
This enables the code to be built on Windows via MinGW.
Large inputs on psl_registrable_domain() and psl_unregistrable_domain()
suffer from a O(N^2) behavior. This change limits N to avoid excessive
CPU usage.
At the same time we limit the fuzz corpora size to 64k which is far more
then we expect any real life domain to be.
Reported-by: OSS-Fuzz
Added a reproducer corpus and fixed the broken libicu code.
The buffer overflow could be triggered by psl_load(), psl_load_fp(),
psl_is_public_suffix(), psl_is_public_suffix2(), psl_unregistrable_domain(),
and psl_registrable_domain().
Add --enable-cfi ./configure option to enable
LLVM/Clang's Control Flow Integrity for builds.
CFI aborts a program upon detecting certain forms of undefined behavior
that can potentially allow attackers to subvert the program’s control flow.
Chun-wei Fan
Tim Rühsen
Dagobert Michelsen