#
3530bcc3 |
| 18-Jan-2024 |
Ben Noordhuis |
fix: reject zero-length idna inputs Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
|
#
0f2d7e78 |
| 18-Jan-2024 |
Ben Noordhuis |
fix: always zero-terminate idna output Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
|
#
12bd89bb |
| 11-Dec-2023 |
Saúl Ibarra Corretgé |
idna: fix compilation warning w_target_len is set but unsued in release mode.
|
#
f3889085 |
| 29-Oct-2023 |
Jameson Nash |
misc: export WTF8 conversion utilities (#4021) As promised in #2970, this attempts to migrate code to a common set of utilities in a common place in the code and use them everywhere. Thi
misc: export WTF8 conversion utilities (#4021) As promised in #2970, this attempts to migrate code to a common set of utilities in a common place in the code and use them everywhere. This also exports the functionality, since the Windows API with WideCharToMultiByte is fairly verbose relative to what libuv and libuv's clients typically need, so it is useful not to require clients to reimplement this conversion logic unnecessarily (and because Windows is not 64-bit ready here, but this implementation is.)
show more ...
|
#
8ec1732a |
| 13-Feb-2022 |
UMU |
build: fix error C4146 on MSVC (#3271) > error C4146: unary minus operator applied to unsigned type, result still unsigned
|
#
b7466e31 |
| 21-May-2021 |
Ben Noordhuis |
idna: fix OOB read in punycode decoder libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii() function which is used to convert strings to ASCII. This is called by the
idna: fix OOB read in punycode decoder libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii() function which is used to convert strings to ASCII. This is called by the DNS resolution function and can lead to information disclosures or crashes. Reported by Eric Sesterhenn in collaboration with Cure53 and ExpressVPN. Reported-By: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de> Fixes: https://github.com/libuv/libuv/issues/3147 PR-URL: https://github.com/libuv/libuv-private/pull/1 Refs: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
show more ...
|
Revision tags: v1.41.0, v1.40.0, v1.39.0, v1.38.1, v1.38.0, v1.37.0, v1.36.0, v1.35.0, v1.34.2, v1.34.1, v1.34.0, v1.33.1, v1.33.0, v1.32.0, v1.31.0, v1.30.1, v1.30.0, v1.29.1, v1.29.0, v1.28.0, v1.27.0, v1.26.0, v1.25.0, v1.24.1, v1.24.0 |
|
#
6dd44caa |
| 19-Oct-2018 |
Ben Noordhuis |
unix,win: support IDNA 2008 in uv_getaddrinfo() Encode domain names before passing them on to the libc resolver. Some getaddrinfo() implementations support IDNA 2008, some only IDNA
unix,win: support IDNA 2008 in uv_getaddrinfo() Encode domain names before passing them on to the libc resolver. Some getaddrinfo() implementations support IDNA 2008, some only IDNA 2003 and some don't support i18n domain names at all. This is a potential security issue because it means a domain name might resolve differently depending on the system that libuv is running on. Fixes: https://github.com/libuv/libuv/issues/2028 PR-URL: https://github.com/libuv/libuv/pull/2046 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
show more ...
|