diff options
author | Florian Weimer <fweimer@redhat.com> | 2018-05-23 15:26:19 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2018-05-23 15:27:24 +0200 |
commit | 7f9f1ecb710eac4d65bb02785ddf288cac098323 (patch) | |
tree | b93086996bfb5edf0221b895128ef5a6e709dead /libidn/punycode.c | |
parent | 5f7b841d3aebdccc2baed27cb4b22ddb08cd7c0c (diff) | |
download | glibc-7f9f1ecb710eac4d65bb02785ddf288cac098323.tar.gz glibc-7f9f1ecb710eac4d65bb02785ddf288cac098323.tar.xz glibc-7f9f1ecb710eac4d65bb02785ddf288cac098323.zip |
Switch IDNA implementation to libidn2 [BZ #19728] [BZ #19729] [BZ #22247]
This provides an implementation of the IDNA2008 standard and fixes CVE-2016-6261, CVE-2016-6263, CVE-2017-14062.
Diffstat (limited to 'libidn/punycode.c')
-rw-r--r-- | libidn/punycode.c | 454 |
1 files changed, 0 insertions, 454 deletions
diff --git a/libidn/punycode.c b/libidn/punycode.c deleted file mode 100644 index 93027188ce..0000000000 --- a/libidn/punycode.c +++ /dev/null @@ -1,454 +0,0 @@ -/* punycode.c Implementation of punycode used to ASCII encode IDN's. - * Copyright (C) 2002, 2003 Simon Josefsson - * - * This file is part of GNU Libidn. - * - * GNU Libidn is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * GNU Libidn is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with GNU Libidn; if not, see <http://www.gnu.org/licenses/>. - */ - -/* - * This file is derived from RFC 3492bis written by Adam M. Costello. - * - * Disclaimer and license: Regarding this entire document or any - * portion of it (including the pseudocode and C code), the author - * makes no guarantees and is not responsible for any damage resulting - * from its use. The author grants irrevocable permission to anyone - * to use, modify, and distribute it in any way that does not diminish - * the rights of anyone else to use, modify, and distribute it, - * provided that redistributed derivative works do not contain - * misleading author or version information. Derivative works need - * not be licensed under similar terms. - * - * Copyright (C) The Internet Society (2003). All Rights Reserved. - * - * This document and translations of it may be copied and furnished to - * others, and derivative works that comment on or otherwise explain it - * or assist in its implementation may be prepared, copied, published - * and distributed, in whole or in part, without restriction of any - * kind, provided that the above copyright notice and this paragraph are - * included on all such copies and derivative works. However, this - * document itself may not be modified in any way, such as by removing - * the copyright notice or references to the Internet Society or other - * Internet organizations, except as needed for the purpose of - * developing Internet standards in which case the procedures for - * copyrights defined in the Internet Standards process must be - * followed, or as required to translate it into languages other than - * English. - * - * The limited permissions granted above are perpetual and will not be - * revoked by the Internet Society or its successors or assigns. - * - * This document and the information contained herein is provided on an - * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include <string.h> - -#include "punycode.h" - -/*** Bootstring parameters for Punycode ***/ - -enum -{ base = 36, tmin = 1, tmax = 26, skew = 38, damp = 700, - initial_bias = 72, initial_n = 0x80, delimiter = 0x2D -}; - -/* basic(cp) tests whether cp is a basic code point: */ -#define basic(cp) ((punycode_uint)(cp) < 0x80) - -/* delim(cp) tests whether cp is a delimiter: */ -#define delim(cp) ((cp) == delimiter) - -/* decode_digit(cp) returns the numeric value of a basic code */ -/* point (for use in representing integers) in the range 0 to */ -/* base-1, or base if cp does not represent a value. */ - -static punycode_uint -decode_digit (punycode_uint cp) -{ - return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : - cp - 97 < 26 ? cp - 97 : base; -} - -/* encode_digit(d,flag) returns the basic code point whose value */ -/* (when used for representing integers) is d, which needs to be in */ -/* the range 0 to base-1. The lowercase form is used unless flag is */ -/* nonzero, in which case the uppercase form is used. The behavior */ -/* is undefined if flag is nonzero and digit d has no uppercase form. */ - -static char -encode_digit (punycode_uint d, int flag) -{ - return d + 22 + 75 * (d < 26) - ((flag != 0) << 5); - /* 0..25 map to ASCII a..z or A..Z */ - /* 26..35 map to ASCII 0..9 */ -} - -/* flagged(bcp) tests whether a basic code point is flagged */ -/* (uppercase). The behavior is undefined if bcp is not a */ -/* basic code point. */ - -#define flagged(bcp) ((punycode_uint)(bcp) - 65 < 26) - -/* encode_basic(bcp,flag) forces a basic code point to lowercase */ -/* if flag is zero, uppercase if flag is nonzero, and returns */ -/* the resulting code point. The code point is unchanged if it */ -/* is caseless. The behavior is undefined if bcp is not a basic */ -/* code point. */ - -static char -encode_basic (punycode_uint bcp, int flag) -{ - bcp -= (bcp - 97 < 26) << 5; - return bcp + ((!flag && (bcp - 65 < 26)) << 5); -} - -/*** Platform-specific constants ***/ - -/* maxint is the maximum value of a punycode_uint variable: */ -static const punycode_uint maxint = -1; -/* Because maxint is unsigned, -1 becomes the maximum value. */ - -/*** Bias adaptation function ***/ - -static punycode_uint -adapt (punycode_uint delta, punycode_uint numpoints, int firsttime) -{ - punycode_uint k; - - delta = firsttime ? delta / damp : delta >> 1; - /* delta >> 1 is a faster way of doing delta / 2 */ - delta += delta / numpoints; - - for (k = 0; delta > ((base - tmin) * tmax) / 2; k += base) - { - delta /= base - tmin; - } - - return k + (base - tmin + 1) * delta / (delta + skew); -} - -/*** Main encode function ***/ - -/** - * punycode_encode: - * @input_length: The number of code points in the @input array and - * the number of flags in the @case_flags array. - * @input: An array of code points. They are presumed to be Unicode - * code points, but that is not strictly REQUIRED. The array - * contains code points, not code units. UTF-16 uses code units - * D800 through DFFF to refer to code points 10000..10FFFF. The - * code points D800..DFFF do not occur in any valid Unicode string. - * The code points that can occur in Unicode strings (0..D7FF and - * E000..10FFFF) are also called Unicode scalar values. - * @case_flags: A %NULL pointer or an array of boolean values parallel - * to the @input array. Nonzero (true, flagged) suggests that the - * corresponding Unicode character be forced to uppercase after - * being decoded (if possible), and zero (false, unflagged) suggests - * that it be forced to lowercase (if possible). ASCII code points - * (0..7F) are encoded literally, except that ASCII letters are - * forced to uppercase or lowercase according to the corresponding - * case flags. If @case_flags is a %NULL pointer then ASCII letters - * are left as they are, and other code points are treated as - * unflagged. - * @output_length: The caller passes in the maximum number of ASCII - * code points that it can receive. On successful return it will - * contain the number of ASCII code points actually output. - * @output: An array of ASCII code points. It is *not* - * null-terminated; it will contain zeros if and only if the @input - * contains zeros. (Of course the caller can leave room for a - * terminator and add one if needed.) - * - * Converts a sequence of code points (presumed to be Unicode code - * points) to Punycode. - * - * Return value: The return value can be any of the punycode_status - * values defined above except %punycode_bad_input. If not - * %punycode_success, then @output_size and @output might contain - * garbage. - **/ -int -punycode_encode (size_t input_length, - const punycode_uint input[], - const unsigned char case_flags[], - size_t * output_length, char output[]) -{ - punycode_uint input_len, n, delta, h, b, bias, j, m, q, k, t; - size_t out, max_out; - - /* The Punycode spec assumes that the input length is the same type */ - /* of integer as a code point, so we need to convert the size_t to */ - /* a punycode_uint, which could overflow. */ - - if (input_length > maxint) - return punycode_overflow; - input_len = (punycode_uint) input_length; - - /* Initialize the state: */ - - n = initial_n; - delta = 0; - out = 0; - max_out = *output_length; - bias = initial_bias; - - /* Handle the basic code points: */ - - for (j = 0; j < input_len; ++j) - { - if (basic (input[j])) - { - if (max_out - out < 2) - return punycode_big_output; - output[out++] = case_flags ? - encode_basic (input[j], case_flags[j]) : (char) input[j]; - } - /* else if (input[j] < n) return punycode_bad_input; */ - /* (not needed for Punycode with unsigned code points) */ - } - - h = b = (punycode_uint) out; - /* cannot overflow because out <= input_len <= maxint */ - - /* h is the number of code points that have been handled, b is the */ - /* number of basic code points, and out is the number of ASCII code */ - /* points that have been output. */ - - if (b > 0) - output[out++] = delimiter; - - /* Main encoding loop: */ - - while (h < input_len) - { - /* All non-basic code points < n have been */ - /* handled already. Find the next larger one: */ - - for (m = maxint, j = 0; j < input_len; ++j) - { - /* if (basic(input[j])) continue; */ - /* (not needed for Punycode) */ - if (input[j] >= n && input[j] < m) - m = input[j]; - } - - /* Increase delta enough to advance the decoder's */ - /* <n,i> state to <m,0>, but guard against overflow: */ - - if (m - n > (maxint - delta) / (h + 1)) - return punycode_overflow; - delta += (m - n) * (h + 1); - n = m; - - for (j = 0; j < input_len; ++j) - { - /* Punycode does not need to check whether input[j] is basic: */ - if (input[j] < n /* || basic(input[j]) */ ) - { - if (++delta == 0) - return punycode_overflow; - } - - if (input[j] == n) - { - /* Represent delta as a generalized variable-length integer: */ - - for (q = delta, k = base;; k += base) - { - if (out >= max_out) - return punycode_big_output; - t = k <= bias /* + tmin */ ? tmin : /* +tmin not needed */ - k >= bias + tmax ? tmax : k - bias; - if (q < t) - break; - output[out++] = encode_digit (t + (q - t) % (base - t), 0); - q = (q - t) / (base - t); - } - - output[out++] = encode_digit (q, case_flags && case_flags[j]); - bias = adapt (delta, h + 1, h == b); - delta = 0; - ++h; - } - } - - ++delta, ++n; - } - - *output_length = out; - return punycode_success; -} - -/*** Main decode function ***/ - -/** - * punycode_decode: - * @input_length: The number of ASCII code points in the @input array. - * @input: An array of ASCII code points (0..7F). - * @output_length: The caller passes in the maximum number of code - * points that it can receive into the @output array (which is also - * the maximum number of flags that it can receive into the - * @case_flags array, if @case_flags is not a %NULL pointer). On - * successful return it will contain the number of code points - * actually output (which is also the number of flags actually - * output, if case_flags is not a null pointer). The decoder will - * never need to output more code points than the number of ASCII - * code points in the input, because of the way the encoding is - * defined. The number of code points output cannot exceed the - * maximum possible value of a punycode_uint, even if the supplied - * @output_length is greater than that. - * @output: An array of code points like the input argument of - * punycode_encode() (see above). - * @case_flags: A %NULL pointer (if the flags are not needed by the - * caller) or an array of boolean values parallel to the @output - * array. Nonzero (true, flagged) suggests that the corresponding - * Unicode character be forced to uppercase by the caller (if - * possible), and zero (false, unflagged) suggests that it be forced - * to lowercase (if possible). ASCII code points (0..7F) are output - * already in the proper case, but their flags will be set - * appropriately so that applying the flags would be harmless. - * - * Converts Punycode to a sequence of code points (presumed to be - * Unicode code points). - * - * Return value: The return value can be any of the punycode_status - * values defined above. If not %punycode_success, then - * @output_length, @output, and @case_flags might contain garbage. - * - **/ -int -punycode_decode (size_t input_length, - const char input[], - size_t * output_length, - punycode_uint output[], unsigned char case_flags[]) -{ - punycode_uint n, out, i, max_out, bias, oldi, w, k, digit, t; - size_t b, j, in; - - /* Initialize the state: */ - - n = initial_n; - out = i = 0; - max_out = *output_length > maxint ? maxint - : (punycode_uint) * output_length; - bias = initial_bias; - - /* Handle the basic code points: Let b be the number of input code */ - /* points before the last delimiter, or 0 if there is none, then */ - /* copy the first b code points to the output. */ - - for (b = j = 0; j < input_length; ++j) - if (delim (input[j])) - b = j; - if (b > max_out) - return punycode_big_output; - - for (j = 0; j < b; ++j) - { - if (case_flags) - case_flags[out] = flagged (input[j]); - if (!basic (input[j])) - return punycode_bad_input; - output[out++] = input[j]; - } - - /* Main decoding loop: Start just after the last delimiter if any */ - /* basic code points were copied; start at the beginning otherwise. */ - - for (in = b > 0 ? b + 1 : 0; in < input_length; ++out) - { - - /* in is the index of the next ASCII code point to be consumed, */ - /* and out is the number of code points in the output array. */ - - /* Decode a generalized variable-length integer into delta, */ - /* which gets added to i. The overflow checking is easier */ - /* if we increase i as we go, then subtract off its starting */ - /* value at the end to obtain delta. */ - - for (oldi = i, w = 1, k = base;; k += base) - { - if (in >= input_length) - return punycode_bad_input; - digit = decode_digit (input[in++]); - if (digit >= base) - return punycode_bad_input; - if (digit > (maxint - i) / w) - return punycode_overflow; - i += digit * w; - t = k <= bias /* + tmin */ ? tmin : /* +tmin not needed */ - k >= bias + tmax ? tmax : k - bias; - if (digit < t) - break; - if (w > maxint / (base - t)) - return punycode_overflow; - w *= (base - t); - } - - bias = adapt (i - oldi, out + 1, oldi == 0); - - /* i was supposed to wrap around from out+1 to 0, */ - /* incrementing n each time, so we'll fix that now: */ - - if (i / (out + 1) > maxint - n) - return punycode_overflow; - n += i / (out + 1); - i %= (out + 1); - - /* Insert n at position i of the output: */ - - /* not needed for Punycode: */ - /* if (basic(n)) return punycode_invalid_input; */ - if (out >= max_out) - return punycode_big_output; - - if (case_flags) - { - memmove (case_flags + i + 1, case_flags + i, out - i); - /* Case of last ASCII code point determines case flag: */ - case_flags[i] = flagged (input[in - 1]); - } - - memmove (output + i + 1, output + i, (out - i) * sizeof *output); - output[i++] = n; - } - - *output_length = (size_t) out; - /* cannot overflow because out <= old value of *output_length */ - return punycode_success; -} - -/** - * punycode_uint - * - * Unicode code point data type, this is always a 32 bit unsigned - * integer. - */ - -/** - * Punycode_status - * @PUNYCODE_SUCCESS: Successful operation. This value is guaranteed - * to always be zero, the remaining ones are only guaranteed to hold - * non-zero values, for logical comparison purposes. - * @PUNYCODE_BAD_INPUT: Input is invalid. - * @PUNYCODE_BIG_OUTPUT: Output would exceed the space provided. - * @PUNYCODE_OVERFLOW: Input needs wider integers to process. - * - * Enumerated return codes of punycode_encode() and punycode_decode(). - * The value 0 is guaranteed to always correspond to success. - */ |