libc: fix overflow of domain component rune buffer for idn2utf()
If the source string has a run of more than 256 runes without a "." dot, we'd overflow the runebuffer in idn2utf(). The utf2idn() routine had a check in the while loop, but that is actually wrong too, as it would insert a dot and restart the loop in the middle of a domain component. Just error out if a domain component is too long.
This commit is contained in:
cinap_lenrek
parent
7b4e3be27e
commit
9d15403fda
1 changed files with 5 additions and 1 deletions
|
|
@ -200,6 +200,8 @@ idn2utf(char *name, char *buf, int nbuf)
|
|||
n = chartorune(&r, cp+nc);
|
||||
if(r == '.')
|
||||
break;
|
||||
if(nr >= nelem(rb))
|
||||
return -1;
|
||||
rb[nr++] = r;
|
||||
nc += n;
|
||||
}
|
||||
|
|
@ -234,10 +236,12 @@ utf2idn(char *name, char *buf, int nbuf)
|
|||
cp = name;
|
||||
for(;;){
|
||||
nc = nr = 0;
|
||||
while(cp[nc] != 0 && nr < nelem(rb)){
|
||||
while(cp[nc] != 0){
|
||||
n = chartorune(&r, cp+nc);
|
||||
if(r == '.')
|
||||
break;
|
||||
if(nr >= nelem(rb))
|
||||
return -1;
|
||||
rb[nr++] = r;
|
||||
nc += n;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue