Commit 03e16dfa authored by Tim Rühsen's avatar Tim Rühsen

Check codepoint validity in punycode_decode()

punycode_decode() was able to generate invalid unicode values returned with IDN2_OK. The only affected function was idn2_to_unicode_8z4z(). Reported-by: Mike Schiffman (Farsight Security, Inc.)
parent 6a5fce98
......@@ -190,6 +190,7 @@ int punycode_decode(
if (i / (out + 1) > maxint - n) return punycode_overflow;
n += i / (out + 1);
if (n > 0x10FFFF) return punycode_bad_input;
i %= (out + 1);
/* Insert n at position i of the output: */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment