unofficial mirror of libc-alpha@sourceware.org
From: "H.J. Lu" <hjl.tools@gmail.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: GNU C Library <libc-alpha@sourceware.org>
Subject: Re: [PATCH COMMITTED] Switch IDNA implementation to libidn2 [BZ #19728] [BZ #19729] [BZ #22247]
Date: Wed, 23 May 2018 09:44:39 -0700
Message-ID: <CAMe9rOroY25YVfHtz1WUwkE_yQYrdj=5NBX0MareEendtRBYyQ@mail.gmail.com>
In-Reply-To: <20180523132942.17F52402B59C6@oldenburg.str.redhat.com>

On Wed, May 23, 2018 at 6:29 AM, Florian Weimer <fweimer@redhat.com> wrote:
> This provides an implementation of the IDNA2008 standard and fixes
> CVE-2016-6261, CVE-2016-6263, CVE-2017-14062.
>
> 2018-05-23  Florian Weimer  <fweimer@redhat.com>
>
>         [BZ #19728]
>         [BZ #19729]
>         [BZ #22247]
>         CVE-2016-6261
>         CVE-2016-6263
>         CVE-2017-14062
>         Switch to extern IDNA implementation (libidn2).
>         * libidn: Remove subdirectory.
>         * LICENSES: Do not mention licensing conditions for the removed
>         libidn code.
>         * config.h.in (HAVE_LIBIDN): Remove.
>         * include/dlfcn.h (__libc_dlopen): Update comment.
>         * include/idna.h: Remove file.
>         * inet/Makefile (routines): Add idna.
>         (tests-static, tests-internal): Add tst-idna_name_classify.
>         (LOCALES): Generate locales for tests.
>         (tst-idna_name_classify.out): Depend on generated locales.
>         * inet/idna_name_classify.c: New file.
>         * inet/tst-idna_name_classify.c: Likewise.
>         * inet/net-internal.h (__idna_to_dns_encoding)
>         (__idna_from_dns_encoding): Declare.
>         * inet/net-internal.h (enum idna_name_classification): Define.
>         (__idna_name_classify): Declare.
>         * inet/Versions (GLIBC_PRIVATE): Add __idna_to_dns_encoding,
>         __idna_from_dns_encoding.
>         * inet/getnameinfo.c (DEPRECATED_NI_IDN): Define.
>         (gni_host_inet_name): Call __idna_from_dns_encoding.  Use punycode
>         name as a fallback in case of encoding errors.
>         (getnameinfo): Use DEPRECATED_NI_IDN.
>         * inet/idna.c: New file.
>         * nscd/gai.c: Do not include <libidn/idn-stub.c>.
>         * resolv/Makefile (tests): Add tst-resolv-ai_idn,
>         tst-resolv-ai_idn-latin1, tst-resolv-ai_idn-nolibidn2.
>         (modules-names): Add tst-no-libidn2.
>         (extra-test-objs): Add tst-no-libidn2.os.
>         (LDFLAGS-tst-no-libidn2.so): Set soname.
>         (LOCALES): Set, and generate locales.
>         (tst-resolv-ai_idn): Link with -ldl -lresolv -lpthread.
>         (tst-resolv-ai_idn-latin1): Likewise.
>         (tst-resolv-ai_idn-nolibidn2): Likewise.
>         (tst-resolv-ai_idn.out): Depend on locales.
>         (tst-resolv-ai_idn-latin1.out): Depend on locales.
>         (tst-resolv-ai_idn-nolibidn2.out): Depend on locales and
>         tst-no-libidn2.so.
>         * resolv/netdb.h (AI_IDN_ALLOW_UNASSIGNED)
>         (AI_IDN_USE_STD3_ASCII_RULES, NI_IDN_ALLOW_UNASSIGNED)
>         (NI_IDN_USE_STD3_ASCII_RULES): Deprecate.
>         * resolv/tst-resolv-ai_idn.c: New file.
>         * resolv/tst-resolv-ai_idn-latin1.c: Likewise.
>         * resolv/tst-resolv-ai_idn-nolibidn2.c: Likewise.
>         * resolv/tst-no-libidn2.c: Likewise.
>         * support/support_format_addrinfo.c (format_ai_flags): Do not
>         handle AI_IDN_ALLOW_UNASSIGNED, AI_IDN_USE_STD3_ASCII_RULES.
>         * sysdeps/posix/getaddrinfo.c (DEPRECATED_AI_IDN): Define.
>         (gaih_inet): Call __idna_to_dns_encoding and
>         __idna_from_dns_encoding, and use the original (punycode) name if
>         __idna_from_dns_encoding fails due to an encoding error.
>         (getaddrinfo): Use DEPRECATED_AI_IDN.
>         * sysdeps/unix/inet/Subdirs (libidn): Remove.
>         * sysdeps/unix/inet/configure: Remove file.
>         * sysdeps/unix/inet/configure.ac: Likewise.
>

On Fedora 28, I got

FAIL: resolv/tst-resolv-ai_idn
FAIL: resolv/tst-resolv-ai_idn-latin1

[hjl@gnu-hsw-1 build-x86_64-linux]$ cat resolv/tst-resolv-ai_idn.out
error: addrinfo comparison failure
query: nämchen_zwo.example:80 AF_INET/0x40
--- expected
+++ actual
@@ -1,2 +1 @@
-flags: AI_IDN
-address: STREAM/TCP 192.0.2.120 80
+error: Parameter string not correctly encoded
error: addrinfo comparison failure
query: nämchen_zwo.example:80 AF_INET/0x42
--- expected
+++ actual
@@ -1,3 +1 @@
-flags: AI_CANONNAME AI_IDN
-canonname: xn--nmchen_zwo-q5a.example
-address: STREAM/TCP 192.0.2.120 80
+error: Parameter string not correctly encoded
error: addrinfo comparison failure
query: nämchen_zwo.example:80 AF_INET/0xc2
--- expected
+++ actual
@@ -1,3 +1 @@
-flags: AI_CANONNAME AI_IDN AI_CANONIDN
-canonname: nämchen_zwo.example
-address: STREAM/TCP 192.0.2.120 80
+error: Parameter string not correctly encoded
error: addrinfo comparison failure
query: With.idn-cname.nämchen.example:80 AF_INET/0x40
--- expected
+++ actual
@@ -1,2 +1,2 @@
 flags: AI_IDN
-address: STREAM/TCP 192.0.2.119 80
+address: STREAM/TCP 192.0.2.87 80
error: addrinfo comparison failure
query: With.idn-cname.nämchen.example:80 AF_INET/0x42
--- expected
+++ actual
@@ -1,3 +1,3 @@
 flags: AI_CANONNAME AI_IDN
 canonname: xn--anderes-nmchen-eib.example
-address: STREAM/TCP 192.0.2.119 80
+address: STREAM/TCP 192.0.2.87 80
error: addrinfo comparison failure
query: With.idn-cname.nämchen.example:80 AF_INET/0xc2
--- expected
+++ actual
@@ -1,3 +1,3 @@
 flags: AI_CANONNAME AI_IDN AI_CANONIDN
 canonname: anderes-nämchen.example
-address: STREAM/TCP 192.0.2.119 80
+address: STREAM/TCP 192.0.2.87 80
error: 6 test failures
[hjl@gnu-hsw-1 build-x86_64-linux]$

-- 
H.J.
