diff options
| author | Jörg Frings-Fürst <debian@jff-webhsoting.net> | 2019-01-13 12:37:00 +0100 |
|---|---|---|
| committer | Jörg Frings-Fürst <debian@jff-webhsoting.net> | 2019-01-13 12:37:00 +0100 |
| commit | d289e0569e0317ffd228d8d0bf9f4a7a7a4fc41c (patch) | |
| tree | bff28a21e5e235d32cd14177b0b1b93935bbaeb5 | |
| parent | 4525c4951ed4d49ceb65525cea14b9aa35f1d3fc (diff) | |
| parent | a567bbfee78959e9c35f0722328f22d24ef39d2b (diff) | |
Merge branch 'release/debian/0.9.1-1'debian/0.9.1-1
| -rw-r--r-- | ChangeLog | 31 | ||||
| -rw-r--r-- | Makefile.am | 5 | ||||
| -rw-r--r-- | Makefile.in | 8 | ||||
| -rwxr-xr-x | configure | 20 | ||||
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | debian/changelog | 9 | ||||
| -rw-r--r-- | debian/control | 2 | ||||
| -rw-r--r-- | debian/copyright | 4 | ||||
| -rw-r--r-- | include/uriparser/Uri.h | 2 | ||||
| -rw-r--r-- | include/uriparser/UriBase.h | 2 | ||||
| -rw-r--r-- | src/UriParse.c | 61 | ||||
| -rw-r--r-- | src/UriRecompose.c | 2 | ||||
| -rw-r--r-- | test/VersionSuite.cpp | 8 | ||||
| -rw-r--r-- | test/test.cpp | 52 | ||||
| -rw-r--r-- | tool/uriparse.c | 17 |
15 files changed, 161 insertions, 64 deletions
@@ -2,16 +2,41 @@ NOTE: uriparser is looking for help with a few things: https://github.com/uriparser/uriparser/labels/help%20wanted If you can help, please get in touch. Thanks! +2019-01-02 -- 0.9.1 + +>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + * Fixed: + Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6 + addresses with embedded IPv4 address, e.g. "//[::44.1"; + mitigated if passed parameter <afterLast> points to readable memory + containing a '\0' byte. + Thanks to Joergen Ibsen for the report! +>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + * Fixed: When parsing a malformed URI with an IPvFuture address + (e.g. "http://[vA.123456" missing "]"), errorPos would point to the first + character after "v" than the actual position of the error (here: the end + of the string) + * Fixed: uriToStringCharsRequired* reported 1 more byte than actually needed + for IPv4 address URIs (GitHub #41); Thanks to @gyh007 for the patch! + * Fixed: Compilation with MinGW + Thanks to Sandro Mani for the patch! + * Fixed: Drop use of asprintf from the test suite for MinGW (GitHub #40) + * Improved: For parse errors, waterproof errorPos <= afterLast + * Soname: 1:24:0 + 2018-10-27 -- 0.9.0 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - * Fixed: Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx* + * Fixed: [CVE-2018-19198] + Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx* Commit 864f5d4c127def386dd5cc926ad96934b297f04e Thanks to Google Autofuzz team for the report! - * Fixed: Detect integer overflow in uriComposeQuery* and uriComposeQueryEx* + * Fixed: [CVE-2018-19199] + Detect integer overflow in uriComposeQuery* and uriComposeQueryEx* Commit f76275d4a91b28d687250525d3a0c5509bbd666f Thanks to Google Autofuzz team for the report! - * Fixed: Protect uriResetUri* against acting on NULL input + * Fixed: [CVE-2018-19200] + Protect uriResetUri* against acting on NULL input Commit f58c25069cf4a986fe17a80c5b38687e31feb539 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> * Fixed: Be fully compliant to C89 (Gitub #28) and C++98 in test code diff --git a/Makefile.am b/Makefile.am index a479778..95aafb4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -18,6 +18,9 @@ uriparse_SOURCES = tool/uriparse.c uriparse_CFLAGS = -Iinclude uriparse_LDADD = $(top_builddir)/liburiparser.la uriparse_DEPENDENCIES = $(top_builddir)/liburiparser.la +if WIN32 +uriparse_LDADD += -lws2_32 +endif pkgconfig_DATA = liburiparser.pc @@ -34,7 +37,7 @@ pkginclude_HEADERS = \ include/uriparser/UriIp4.h -liburiparser_la_LDFLAGS = -version-info 1:23:0 +liburiparser_la_LDFLAGS = -version-info 1:24:0 if WIN32 liburiparser_la_LDFLAGS += -no-undefined endif diff --git a/Makefile.in b/Makefile.in index 1664414..cbf933a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -94,7 +94,8 @@ host_triplet = @host@ @URI_TEST_ENABLED_TRUE@check_PROGRAMS = test/uriparser_test$(EXEEXT) @URI_TEST_ENABLED_TRUE@TESTS = test/uriparser_test$(EXEEXT) bin_PROGRAMS = uriparse$(EXEEXT) -@WIN32_TRUE@am__append_1 = -no-undefined +@WIN32_TRUE@am__append_1 = -lws2_32 +@WIN32_TRUE@am__append_2 = -no-undefined subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ @@ -175,6 +176,7 @@ test_uriparser_test_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX \ $(test_uriparser_test_LDFLAGS) $(LDFLAGS) -o $@ am_uriparse_OBJECTS = tool/uriparse-uriparse.$(OBJEXT) uriparse_OBJECTS = $(am_uriparse_OBJECTS) +am__DEPENDENCIES_1 = uriparse_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(uriparse_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ @@ -644,7 +646,7 @@ ACLOCAL_AMFLAGS = -I m4 lib_LTLIBRARIES = liburiparser.la uriparse_SOURCES = tool/uriparse.c uriparse_CFLAGS = -Iinclude -uriparse_LDADD = $(top_builddir)/liburiparser.la +uriparse_LDADD = $(top_builddir)/liburiparser.la $(am__append_1) uriparse_DEPENDENCIES = $(top_builddir)/liburiparser.la pkgconfig_DATA = liburiparser.pc pkgconfigdir = $(libdir)/pkgconfig @@ -656,7 +658,7 @@ pkginclude_HEADERS = \ include/uriparser/UriDefsUnicode.h \ include/uriparser/UriIp4.h -liburiparser_la_LDFLAGS = -version-info 1:23:0 $(am__append_1) +liburiparser_la_LDFLAGS = -version-info 1:24:0 $(am__append_2) liburiparser_la_SOURCES = \ src/UriCommon.c \ src/UriCommon.h \ @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for uriparser 0.9.0. +# Generated by GNU Autoconf 2.69 for uriparser 0.9.1. # # Report bugs to <https://github.com/uriparser/uriparser/issues>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='uriparser' PACKAGE_TARNAME='uriparser' -PACKAGE_VERSION='0.9.0' -PACKAGE_STRING='uriparser 0.9.0' +PACKAGE_VERSION='0.9.1' +PACKAGE_STRING='uriparser 0.9.1' PACKAGE_BUGREPORT='https://github.com/uriparser/uriparser/issues' PACKAGE_URL='https://uriparser.github.io/' @@ -1348,7 +1348,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures uriparser 0.9.0 to adapt to many kinds of systems. +\`configure' configures uriparser 0.9.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1418,7 +1418,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of uriparser 0.9.0:";; + short | recursive ) echo "Configuration of uriparser 0.9.1:";; esac cat <<\_ACEOF @@ -1548,7 +1548,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -uriparser configure 0.9.0 +uriparser configure 0.9.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2038,7 +2038,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by uriparser $as_me 0.9.0, which was +It was created by uriparser $as_me 0.9.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2901,7 +2901,7 @@ fi # Define the identity of the package. PACKAGE='uriparser' - VERSION='0.9.0' + VERSION='0.9.1' cat >>confdefs.h <<_ACEOF @@ -17746,7 +17746,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by uriparser $as_me 0.9.0, which was +This file was extended by uriparser $as_me 0.9.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17813,7 +17813,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -uriparser config.status 0.9.0 +uriparser config.status 0.9.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 7534c5f..3144a69 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ(2.61) -AC_INIT([uriparser], [0.9.0], [https://github.com/uriparser/uriparser/issues], +AC_INIT([uriparser], [0.9.1], [https://github.com/uriparser/uriparser/issues], [uriparser], [https://uriparser.github.io/]) AC_CONFIG_AUX_DIR([build-aux]) AM_INIT_AUTOMAKE([1.10.1 foreign dist-zip dist-bzip2 no-dist-gzip subdir-objects]) diff --git a/debian/changelog b/debian/changelog index c08913c..6e9a58d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +uriparser (0.9.1-1) unstable; urgency=medium + + * New upstream release. + * Declare compliance with Debian Policy 4.3.0.1 (No changes needed). + * debian/copyright: + - Bump years to 2019. + + -- Jörg Frings-Fürst <debian@jff.email> Sat, 12 Jan 2019 19:08:27 +0100 + uriparser (0.9.0-1) unstable; urgency=medium * New upstream release (Closes: #913817): diff --git a/debian/control b/debian/control index 80013e9..5de9921 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Build-Depends-Indep: qttools5-dev-tools, qtbase5-dev, libqt5sql5-sqlite -Standards-Version: 4.2.1 +Standards-Version: 4.3.0.1 Homepage: http://uriparser.sourceforge.net Vcs-Git: git://jff.email/opt/git/uriparser.git Vcs-Browser: https://jff.email/cgit/uriparser.git diff --git a/debian/copyright b/debian/copyright index 5a52f3d..212e9f3 100644 --- a/debian/copyright +++ b/debian/copyright @@ -5,7 +5,7 @@ Source: https://github.com/uriparser/uriparser Files: * Copyright: 2007 Weijia Song <songweijia@gmail.com> 2008 Michael Anthony Puls II <shadow2531@gmail.com> - 2007-2015 Sebastian Pipping <webmaster@hartwork.org> + 2007-2019 Sebastian Pipping <webmaster@hartwork.org> 2013 Radu Hociung <radu.uriparser@ohmi.org> License: BSD-3-clause @@ -19,7 +19,7 @@ Copyright: 2014-2015 Sebastian Pipping <webmaster@hartwork.org> License: LGPL-2.1+ Files: debian/* -Copyright: 2014-2018 Jörg Frings-Fürst <debian@jff.email> +Copyright: 2014-2019 Jörg Frings-Fürst <debian@jff.email> License: GPL-3+ License: BSD-3-clause diff --git a/include/uriparser/Uri.h b/include/uriparser/Uri.h index 43fa206..33a008b 100644 --- a/include/uriparser/Uri.h +++ b/include/uriparser/Uri.h @@ -1,4 +1,4 @@ -/* c071c0bd2264218705abd9e6b19250adb67d6fefa4866d705b9d2f2672281001 (0.9.0+) +/* 561572cef718ad662595da3d4a1436cd3c2526234593c4c86e82ba08bfd292d8 (0.9.1+) * * uriparser - RFC 3986 URI parsing library * diff --git a/include/uriparser/UriBase.h b/include/uriparser/UriBase.h index f396235..32e2135 100644 --- a/include/uriparser/UriBase.h +++ b/include/uriparser/UriBase.h @@ -55,7 +55,7 @@ /* Version */ #define URI_VER_MAJOR 0 #define URI_VER_MINOR 9 -#define URI_VER_RELEASE 0 +#define URI_VER_RELEASE 1 #define URI_VER_SUFFIX_ANSI "" #define URI_VER_SUFFIX_UNICODE URI_ANSI_TO_UNICODE(URI_VER_SUFFIX_ANSI) diff --git a/src/UriParse.c b/src/UriParse.c index f4bdda9..573d8fb 100644 --- a/src/UriParse.c +++ b/src/UriParse.c @@ -388,7 +388,7 @@ static const URI_CHAR * URI_FUNC(ParseIpFutLoop)(URI_TYPE(ParserState) * state, const URI_CHAR * first, const URI_CHAR * afterLast, UriMemoryManager * memory) { if (first >= afterLast) { - URI_FUNC(StopSyntax)(state, first, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -468,7 +468,7 @@ static const URI_CHAR * URI_FUNC(ParseIpFuture)(URI_TYPE(ParserState) * state, const URI_CHAR * first, const URI_CHAR * afterLast, UriMemoryManager * memory) { if (first >= afterLast) { - URI_FUNC(StopSyntax)(state, first, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -480,7 +480,7 @@ static const URI_CHAR * URI_FUNC(ParseIpFuture)(URI_TYPE(ParserState) * state, case _UT('v'): */ if (first + 1 >= afterLast) { - URI_FUNC(StopSyntax)(state, first + 1, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -493,8 +493,11 @@ static const URI_CHAR * URI_FUNC(ParseIpFuture)(URI_TYPE(ParserState) * state, if (afterHexZero == NULL) { return NULL; } - if ((afterHexZero >= afterLast) - || (*afterHexZero != _UT('.'))) { + if (afterHexZero >= afterLast) { + URI_FUNC(StopSyntax)(state, afterLast, memory); + return NULL; + } + if (*afterHexZero != _UT('.')) { URI_FUNC(StopSyntax)(state, afterHexZero, memory); return NULL; } @@ -532,7 +535,7 @@ static URI_INLINE const URI_CHAR * URI_FUNC(ParseIpLit2)( URI_TYPE(ParserState) * state, const URI_CHAR * first, const URI_CHAR * afterLast, UriMemoryManager * memory) { if (first >= afterLast) { - URI_FUNC(StopSyntax)(state, first, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -544,9 +547,12 @@ static URI_INLINE const URI_CHAR * URI_FUNC(ParseIpLit2)( if (afterIpFuture == NULL) { return NULL; } - if ((afterIpFuture >= afterLast) - || (*afterIpFuture != _UT(']'))) { - URI_FUNC(StopSyntax)(state, first, memory); + if (afterIpFuture >= afterLast) { + URI_FUNC(StopSyntax)(state, afterLast, memory); + return NULL; + } + if (*afterIpFuture != _UT(']')) { + URI_FUNC(StopSyntax)(state, afterIpFuture, memory); return NULL; } return afterIpFuture + 1; @@ -589,7 +595,7 @@ static const URI_CHAR * URI_FUNC(ParseIPv6address2)( for (;;) { if (first >= afterLast) { - URI_FUNC(StopSyntax)(state, first, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -692,6 +698,11 @@ static const URI_CHAR * URI_FUNC(ParseIPv6address2)( return NULL; } first++; + + if (first >= afterLast) { + URI_FUNC(StopSyntax)(state, afterLast, memory); + return NULL; + } } } else { /* Eat while no dot in sight */ @@ -752,7 +763,7 @@ static const URI_CHAR * URI_FUNC(ParseIPv6address2)( /* "::"? */ if (first + 1 >= afterLast) { - URI_FUNC(StopSyntax)(state, first + 1, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } if (first[1] == _UT(':')) { @@ -770,7 +781,7 @@ static const URI_CHAR * URI_FUNC(ParseIPv6address2)( /* ":::+"? */ if (first + 1 >= afterLast) { - URI_FUNC(StopSyntax)(state, first + 1, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; /* No ']' yet */ } if (first[1] == _UT(':')) { @@ -862,7 +873,7 @@ static const URI_CHAR * URI_FUNC(ParseIPv6address2)( first++; if (first >= afterLast) { - URI_FUNC(StopSyntax)(state, first, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; /* No ']' yet */ } } while (walking); @@ -1147,7 +1158,7 @@ static const URI_CHAR * URI_FUNC(ParseOwnHostUserInfoNz)( URI_TYPE(ParserState) * state, const URI_CHAR * first, const URI_CHAR * afterLast, UriMemoryManager * memory) { if (first >= afterLast) { - URI_FUNC(StopSyntax)(state, first, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -1311,7 +1322,7 @@ static const URI_CHAR * URI_FUNC(ParseOwnUserInfo)( URI_TYPE(ParserState) * state, const URI_CHAR * first, const URI_CHAR * afterLast, UriMemoryManager * memory) { if (first >= afterLast) { - URI_FUNC(StopSyntax)(state, first, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -1519,7 +1530,7 @@ static const URI_CHAR * URI_FUNC(ParsePchar)(URI_TYPE(ParserState) * state, const URI_CHAR * first, const URI_CHAR * afterLast, UriMemoryManager * memory) { if (first >= afterLast) { - URI_FUNC(StopSyntax)(state, first, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -1564,7 +1575,7 @@ static const URI_CHAR * URI_FUNC(ParsePctEncoded)( const URI_CHAR * first, const URI_CHAR * afterLast, UriMemoryManager * memory) { if (first >= afterLast) { - URI_FUNC(StopSyntax)(state, first, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -1576,14 +1587,14 @@ static const URI_CHAR * URI_FUNC(ParsePctEncoded)( case _UT('%'): */ if (first + 1 >= afterLast) { - URI_FUNC(StopSyntax)(state, first + 1, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } switch (first[1]) { case URI_SET_HEXDIG: if (first + 2 >= afterLast) { - URI_FUNC(StopSyntax)(state, first + 2, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -1621,7 +1632,7 @@ static const URI_CHAR * URI_FUNC(ParsePctSubUnres)( const URI_CHAR * first, const URI_CHAR * afterLast, UriMemoryManager * memory) { if (first >= afterLast) { - URI_FUNC(StopSyntax)(state, first, memory); + URI_FUNC(StopSyntax)(state, afterLast, memory); return NULL; } @@ -2170,10 +2181,18 @@ static int URI_FUNC(ParseUriExMm)(URI_TYPE(ParserState) * state, /* Parse */ afterUriReference = URI_FUNC(ParseUriReference)(state, first, afterLast, memory); if (afterUriReference == NULL) { + /* Waterproof errorPos <= afterLast */ + if (state->errorPos && (state->errorPos > afterLast)) { + state->errorPos = afterLast; + } return state->errorCode; } if (afterUriReference != afterLast) { - URI_FUNC(StopSyntax)(state, afterUriReference, memory); + if (afterUriReference < afterLast) { + URI_FUNC(StopSyntax)(state, afterUriReference, memory); + } else { + URI_FUNC(StopSyntax)(state, afterLast, memory); + } return state->errorCode; } return URI_SUCCESS; diff --git a/src/UriRecompose.c b/src/UriRecompose.c index 2705cf1..2cdb92d 100644 --- a/src/UriRecompose.c +++ b/src/UriRecompose.c @@ -246,7 +246,7 @@ static URI_INLINE int URI_FUNC(ToStringEngine)(URI_CHAR * dest, } } } else { - (*charsRequired) += charsToWrite + 1; + (*charsRequired) += charsToWrite + ((i == 3) ? 0 : 1); } } } else if (uri->hostData.ip6 != NULL) { diff --git a/test/VersionSuite.cpp b/test/VersionSuite.cpp index fb28c15..c85bbd2 100644 --- a/test/VersionSuite.cpp +++ b/test/VersionSuite.cpp @@ -20,9 +20,6 @@ #include <gtest/gtest.h> -#ifndef _GNU_SOURCE -# define _GNU_SOURCE // for asprintf -#endif #include <stdio.h> @@ -31,8 +28,8 @@ TEST(VersionSuite, EnsureVersionDefinesInSync) { - char * INSIDE_VERSION = NULL; - const int bytes_printed = asprintf(&INSIDE_VERSION, "%d.%d.%d%s", + char INSIDE_VERSION[256]; + const int bytes_printed = sprintf(INSIDE_VERSION, "%d.%d.%d%s", URI_VER_MAJOR, URI_VER_MINOR, URI_VER_RELEASE, URI_VER_SUFFIX_ANSI); ASSERT_TRUE(bytes_printed != -1); @@ -42,6 +39,5 @@ TEST(VersionSuite, EnsureVersionDefinesInSync) { printf(" Tarball version: <%s>\n", PACKAGE_VERSION); printf(" Header defines version: <%s>\n", INSIDE_VERSION); } - free(INSIDE_VERSION); ASSERT_TRUE(equal); } diff --git a/test/test.cpp b/test/test.cpp index 78fd980..7a68c39 100644 --- a/test/test.cpp +++ b/test/test.cpp @@ -242,6 +242,19 @@ TEST(UriSuite, TestIpSixFail) { URI_TEST_IP_SIX_FAIL("g:0:0:0:0:0:0"); } +TEST(UriSuite, TestIpSixOverread) { + UriUriA uri; + const char * errorPos; + + // NOTE: This string is designed to not have a terminator + char uriText[2 + 3 + 2 + 1 + 1]; + strncpy(uriText, "//[::44.1", sizeof(uriText)); + + EXPECT_EQ(uriParseSingleUriExA(&uri, uriText, + uriText + sizeof(uriText), &errorPos), URI_ERROR_SYNTAX); + EXPECT_EQ(errorPos, uriText + sizeof(uriText)); +} + TEST(UriSuite, TestUri) { UriParserStateA stateA; UriParserStateW stateW; @@ -1214,6 +1227,8 @@ namespace { return false; } + EXPECT_EQ(charsRequired, wcslen(text)); + // Minimum wchar_t * buffer = new wchar_t[charsRequired + 1]; if (uriToStringW(buffer, &uri, charsRequired + 1, NULL) != 0) { @@ -1236,15 +1251,24 @@ namespace { } // namespace TEST(UriSuite, TestToStringCharsRequired) { - ASSERT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com/")); - ASSERT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com:80/")); - ASSERT_TRUE(testToStringCharsRequiredHelper(L"http://user:pass@www.example.com/")); - ASSERT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com/index.html")); - ASSERT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com/?abc")); - ASSERT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com/#def")); - ASSERT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com/?abc#def")); - ASSERT_TRUE(testToStringCharsRequiredHelper(L"/test")); - ASSERT_TRUE(testToStringCharsRequiredHelper(L"test")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://1.1.1.1/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://12.1.1.1/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://123.1.1.1/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://1.12.1.1/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://1.123.1.1/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://1.1.12.1/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://1.1.123.1/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://1.1.1.12/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://1.1.1.123/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com:80/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://user:pass@www.example.com/")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com/index.html")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com/?abc")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com/#def")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"http://www.example.com/?abc#def")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"/test")); + EXPECT_TRUE(testToStringCharsRequiredHelper(L"test")); } namespace { @@ -2041,6 +2065,16 @@ TEST(UriSuite, TestRangeComparisonRemoveBaseUriIssue19) { "http://example2/x/y/z"); } +TEST(ErrorPosSuite, TestErrorPosIPvFuture) { + UriUriA uri; + const char * errorPos; + + const char * const uriText = "http://[vA.123456"; // missing "]" + EXPECT_EQ(uriParseSingleUriA(&uri, uriText, &errorPos), + URI_ERROR_SYNTAX); + EXPECT_EQ(errorPos, uriText + strlen(uriText)); +} + TEST(UriParseSingleSuite, Success) { UriUriA uri; diff --git a/tool/uriparse.c b/tool/uriparse.c index e9c1218..fc8bbb5 100644 --- a/tool/uriparse.c +++ b/tool/uriparse.c @@ -36,12 +36,20 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include <sys/socket.h> #include <stdio.h> #include <stdlib.h> #include <uriparser/Uri.h> -#include <arpa/inet.h> -#include <netinet/in.h> + +#ifdef _WIN32 +# include <winsock2.h> +# include <ws2tcpip.h> +WINSOCK_API_LINKAGE const char WSAAPI inet_ntop( + int af, const void *src, char *dst, socklen_t size); +#else +# include <sys/socket.h> +# include <arpa/inet.h> +# include <netinet/in.h> +#endif #define RANGE(x) (int)((x).afterLast-(x).first), ((x).first) @@ -76,7 +84,8 @@ int main(int argc, char *argv[]) { : (state.errorCode == URI_ERROR_MALLOC) ? "not enough memory" : "liburiparser bug (please report)", - state.errorPos, state.errorPos - argv[i]); + state.errorPos, + (long unsigned int)(state.errorPos - argv[i])); retval = EXIT_FAILURE; } else { if (uri.scheme.first) { |