14 Commits

Author SHA1 Message Date
locus-x64
ec0ab5d77d
win: fix off-by-one in utf-16 to wtf-8 conversion (#5050)
Reserve one byte for the NUL terminator when passing the buffer size
to uv_utf16_to_wtf8() in the TTY line-read path. Without this, when
all input characters encode to exactly 3 UTF-8 bytes (e.g. CJK) and
the buffer size is divisible by 3, the NUL terminator is written one
byte past the allocated buffer.

The other two call sites in src/win/util.c already subtract 1 before
calling uv_utf16_to_wtf8(). This aligns tty.c with that convention.

Fixes commit f3889085 ("win,tty: convert line-read UTF-16 to WTF-8")
from October 2023.

Refs: https://github.com/libuv/libuv/security/advisories/GHSA-4prr-4742-3ccf
2026-03-13 11:59:12 +01:00
tobil4sk
73bfbb995f
idna: fix assert in wtf8_to_utf16 conversion (#5021)
0x10FFFF is the valid max unicode character, so the check should be
inclusive.

This assert gets triggered because uv__wtf8_decode1 (used by
uv_wtf8_length_as_utf16) has the correct code_point <= 0x10FFFF check,
so the sequence is treated as valid and it will be passed into
uv_wtf8_to_utf16, where the incorrect assert gets triggered:

src/idna.c:397: uv_wtf8_to_utf16: Assertion `code_point < 0x10FFFF' failed.
2026-02-04 21:55:43 +01:00
Ben Noordhuis
a9c8da7726
test,win: fix -Wattributes warnings (#4868)
Fixes: https://github.com/libuv/libuv/issues/4865
2025-08-24 20:22:23 +02:00
dependabot[bot]
d05744e3ed
build(deps): bump actions/checkout from 3 to 4 (#4490)
Requires updating the android builder, since the arm emulator is
deprecated and unavailable now. Switch to using a GitHub Action plugin
instead of a container, so that hopefully future updates will be
delivered via that channel instead.

Changed the idna test since printf returns EILSEQ for some byte
sequences in the format on Android in glibc. We don't fully understand
the cause, but we can avoid that by not asking it to reencode the bytes
in the current locale settings.
2024-11-21 08:38:56 -05:00
Ben Noordhuis
c6b67af390
unix,win: fix off-by-one in uv_wtf8_to_utf16() (#4609)
uv_wtf8_length_as_utf16() checks if codepoints are > 0xFFFF (to see if
it should be encoded as a surrogate pair), therefore uv_wtf8_to_utf16()
should too. Instead it checked > 0x1000. Harmonize the checks.

Fixes: https://github.com/nodejs/node/issues/55914
2024-11-19 19:09:03 +01:00
Santiago Gimeno
e0327e1d50
test: empty strings are not valid IDNA
Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
2024-02-07 20:50:13 +01:00
Ben Noordhuis
3530bcc303
fix: reject zero-length idna inputs
Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
2024-02-07 20:50:04 +01:00
Ben Noordhuis
0f2d7e784a
fix: always zero-terminate idna output
Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
2024-02-07 20:49:53 +01:00
Jameson Nash
f388908593
misc: export WTF8 conversion utilities (#4021)
As promised in #2970, this attempts to migrate code to a common set of
utilities in a common place in the code and use them everywhere. This
also exports the functionality, since the Windows API with
WideCharToMultiByte is fairly verbose relative to what libuv and
libuv's clients typically need, so it is useful not to require clients
to reimplement this conversion logic unnecessarily (and because Windows
is not 64-bit ready here, but this implementation is.)
2023-10-28 21:04:57 -04:00
Pleuvens
d8669609d8
test: switch from ASSERT_* to ASSERT_PTR_* (#4163)
Also introduce a new ASSERT_PTR_LT macro.
2023-10-12 20:47:44 +02:00
Pleuvens
011a1ac1a3
test: switch to new-style ASSERT_EQ macros (#4159)
Switch from old-style ASSERT macro to new-style ASSERT_EQ,... macros.

Using new-style macros makes it easier to debug test failures.

Fixes: https://github.com/libuv/libuv/issues/2974
2023-10-06 19:50:15 +02:00
panran
a4ba1bd73e
test: fix some warnings when compiling tests (#3816)
```
warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
note: in expansion of macro 'ASSERT_BASE'
#define ASSERT_EQ(a, b) ASSERT_BASE(a, ==, b, int64_t, PRId64)

warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but
argument 3 has type ‘uint32_t’ {aka ‘unsigned int’}
```

Co-authored-by: Jameson Nash <vtjnash@gmail.com>
2023-01-19 10:48:13 -06:00
Ben Noordhuis
b7466e31e4
idna: fix OOB read in punycode decoder
libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii()
function which is used to convert strings to ASCII. This is called by
the DNS resolution function and can lead to information disclosures or
crashes.

Reported by Eric Sesterhenn in collaboration with Cure53 and ExpressVPN.

Reported-By: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Fixes: https://github.com/libuv/libuv/issues/3147
PR-URL: https://github.com/libuv/libuv-private/pull/1
Refs: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
2021-07-02 14:07:07 -04:00
Ben Noordhuis
6dd44caa35
unix,win: support IDNA 2008 in uv_getaddrinfo()
Encode domain names before passing them on to the libc resolver.
Some getaddrinfo() implementations support IDNA 2008, some only
IDNA 2003 and some don't support i18n domain names at all.

This is a potential security issue because it means a domain name
might resolve differently depending on the system that libuv is
running on.

Fixes: https://github.com/libuv/libuv/issues/2028
PR-URL: https://github.com/libuv/libuv/pull/2046
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
2018-10-30 20:50:23 +01:00
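
The off-by-one described in commit ec0ab5d77d, reproduced as an added example that is not libuv's code: `demo_utf16_to_utf8()`, `guard_clobbered()`, `BUF_SIZE` and the sample input are hypothetical, and the converter is assumed to treat the size it is given as excluding the NUL terminator. A guard byte placed after the buffer makes the stray write observable without a real out-of-bounds access.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical converter (not libuv's): encodes BMP, non-surrogate UTF-16
 * units as UTF-8. `cap` is the room for encoded bytes and does NOT include
 * the NUL, which is always written at dst[written]. Returns bytes written. */
static size_t demo_utf16_to_utf8(const uint16_t* src, size_t n,
                                 char* dst, size_t cap) {
  size_t out = 0;
  for (size_t i = 0; i < n; i++) {
    uint16_t c = src[i];
    size_t need = c < 0x80 ? 1 : c < 0x800 ? 2 : 3;
    if (out + need > cap) break;            /* keep only whole characters */
    if (need == 1) {
      dst[out++] = (char) c;
    } else if (need == 2) {
      dst[out++] = (char) (0xC0 | (c >> 6));
      dst[out++] = (char) (0x80 | (c & 0x3F));
    } else {
      dst[out++] = (char) (0xE0 | (c >> 12));
      dst[out++] = (char) (0x80 | ((c >> 6) & 0x3F));
      dst[out++] = (char) (0x80 | (c & 0x3F));
    }
  }
  dst[out] = '\0';                          /* lands at dst[cap] when full */
  return out;
}

#define BUF_SIZE 6     /* constructed: caller's buffer size, divisible by 3 */
#define CANARY   0x5A  /* value of the guard byte placed after the buffer */

/* Converts two 3-byte (CJK) characters into a BUF_SIZE buffer followed by
 * one guard byte. Returns 1 if the byte past the buffer was overwritten. */
static int guard_clobbered(size_t cap_passed) {
  static const uint16_t input[] = { 0x4E2D, 0x6587 };  /* constructed sample */
  char mem[BUF_SIZE + 1];
  memset(mem, CANARY, sizeof(mem));
  demo_utf16_to_utf8(input, 2, mem, cap_passed);
  return mem[BUF_SIZE] != CANARY;
}

int main(void) {
  /* Full size passed: NUL goes one byte past the buffer.
   * Size minus one passed: output is truncated and the NUL stays inside. */
  return !(guard_clobbered(BUF_SIZE) == 1 &&
           guard_clobbered(BUF_SIZE - 1) == 0);
}
```
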