| author | Tobias Markmann <tm@ayena.de> | 2015-09-17 08:14:57 (GMT) |
|---|---|---|
| committer | Swift Review <review@swift.im> | 2015-10-16 10:38:19 (GMT) |
| commit | 3a2b966711dbe6fa937c485d7ad56916219badb2 (patch) | |
| tree | 30e9f30bc3f2a3ca6b4ed0c5c11f4ae0703485d0 /Swiften/IDN/LibIDNConverter.cpp | |
| parent | 582ca915b5b82ada46d1183a7b882455ee01b7b1 (diff) | |
Add UTF-8 validation function and validate input to libIDN functions
This is required to protect against the CVE-2015-2059 vulnerability in
libIDN.
Test-Information:
Added unit tests for UTF-8 validation and tested that existing unit
tests still pass.
Change-Id: I0a94136894c6e0004081456c59155a78a3dabf5f
Diffstat (limited to 'Swiften/IDN/LibIDNConverter.cpp')
| -rw-r--r-- | Swiften/IDN/LibIDNConverter.cpp | 13 |
1 files changed, 10 insertions, 3 deletions
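--- a/Swiften/IDN/LibIDNConverter.cpp
+++ b/Swiften/IDN/LibIDNConverter.cpp
@@ -1,7 +1,7 @@
 /*
-* Copyright (c) 2012-2013 Isode Limited.
+* Copyright (c) 2012-2015 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */
 
 #include <Swiften/IDN/LibIDNConverter.h>
@@ -9,16 +9,19 @@
 extern "C" {
 #include <stringprep.h>
 #include <idna.h>
 }
 
-#include <vector>
 #include <cassert>
 #include <cstdlib>
+#include <vector>
+
+#include <boost/shared_ptr.hpp>
+
 #include <Swiften/Base/ByteArray.h>
 #include <Swiften/Base/SafeAllocator.h>
-#include <boost/shared_ptr.hpp>
+#include <Swiften/IDN/UTF8Validator.h>
 
 using namespace Swift;
 
 namespace {
 static const int MAX_STRINGPREP_SIZE = 1024;
@@ -35,10 +38,14 @@ namespace {
 }
 
 template<typename StringType, typename ContainerType>
 ContainerType getStringPreparedInternal(const StringType& s, IDNConverter::StringPrepProfile profile) {
 ContainerType input(s.begin(), s.end());
+if (!UTF8IsValid(s.data(), s.size())) {
+return ContainerType();
+}
+
 input.resize(MAX_STRINGPREP_SIZE);
 if (stringprep(&input[0], MAX_STRINGPREP_SIZE, static_cast<Stringprep_profile_flags>(0), getLibIDNProfile(profile)) == 0) {
 return input;
 }
 else {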
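Review bot: The new `UTF8IsValid(s.data(), s.size())` check validates all of `s`, but `stringprep` is handed `input` after `input.resize(MAX_STRINGPREP_SIZE)`, so for an `s` of 1024 bytes or more the buffer is truncated, may end in the middle of a multi-byte sequence, and carries no terminating NUL. Invalid or unterminated UTF-8 can therefore still reach libidn on over-long input, which is the class of input the commit message cites CVE-2015-2059 for; the guard should reject that case too, e.g. `if (s.size() >= static_cast<size_t>(MAX_STRINGPREP_SIZE) || !UTF8IsValid(s.data(), s.size())) {`. The check could also sit before `ContainerType input(s.begin(), s.end());` so that rejected input is never copied. The file includes `<idna.h>`, yet this diff adds no validation near any `idna_*` call, so if such a call exists outside the hunks it presumably still receives unvalidated input and is worth confirming. The body of `getStringPreparedInternal` continues past the end of the hunk.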