author | Tim Rühsen <tim.ruehsen@gmx.de> | 2019-05-20 11:10:11 +0200 |
---|---|---|
committer | Tim Rühsen <tim.ruehsen@gmx.de> | 2019-05-20 11:32:59 +0200 |
commit | b697e948b6f66440ee1f15337dfc83b6816bd21a (patch) | |
tree | 2a760700e095f61a25888ec75a576e876c522bec /lib | |
parent | 3668ce5363b1300bb8ab25892c7e1d321596e560 (diff) | |
download | gnutls-b697e948b6f66440ee1f15337dfc83b6816bd21a.tar.gz |
Apply STD3 ASCII rules in gnutls_idna_map() tmp-fix-evil-idna
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/str-idna.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/str-idna.c b/lib/str-idna.c
index 2e53d7ecc6..a677813363 100644
--- a/lib/str-idna.c
+++ b/lib/str-idna.c
@@ -76,9 +76,13 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig
 * Since IDN2_NONTRANSITIONAL implicitly does NFC conversion, we don't need
 * the additional IDN2_NFC_INPUT. But just for the unlikely case that the linked
 * library is not matching the headers when building and it doesn't support TR46,
- * we provide IDN2_NFC_INPUT. */
- idn2_flags |= IDN2_NONTRANSITIONAL;
- idn2_tflags |= IDN2_TRANSITIONAL;
+ * we provide IDN2_NFC_INPUT.
+ *
+ * Without IDN2_USE_STD3_ASCII_RULES, the result could contain any ASCII characters,
+ * e.g. 'evil.c\u2100.example.com' will be converted into
+ * 'evil.ca/c.example.com', which seems no good idea. */
+ idn2_flags |= IDN2_NONTRANSITIONAL | IDN2_USE_STD3_ASCII_RULES;
+ idn2_tflags |= IDN2_TRANSITIONAL | IDN2_USE_STD3_ASCII_RULES;
 #endif
 
 /* This avoids excessive CPU usage with libidn2 < 2.1.1 */
|
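Review bot: The added comment in gnutls_idna_map() ends with "which seems no good idea" and never names the risk, so a later maintainer could take IDN2_USE_STD3_ASCII_RULES for a cosmetic flag and drop it. I would state the consequence, e.g. `* A mapped '/' or other non-LDH character can be read as a path or delimiter by URL parsers and hostname checks, so such names must be rejected here.` The flag is only OR-ed in inside the preprocessor block closed by the `#endif` below. The opening `#if` is outside this hunk, so builds where that condition is false presumably still map without STD3 rules; that path should either be confirmed to reject such output or have the gap documented next to the guard. The function body starts and ends outside the hunk, so how a resulting idn2 error is returned to the caller cannot be checked from here.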