1. 25 Feb, 2019 1 commit
  2. 24 Feb, 2019 1 commit
  3. 23 Feb, 2019 1 commit
  4. 20 Feb, 2019 2 commits
  5. 09 Feb, 2019 4 commits
  6. 08 Feb, 2019 1 commit
  7. 29 Jan, 2019 3 commits
  8. 28 Jan, 2019 4 commits
  9. 25 Jan, 2019 3 commits
  10. 22 Jan, 2019 3 commits
  11. 20 Jan, 2019 2 commits
    • Avoid excessive CPU usage with large inputs to idn2_lookup_u8() · d7f426bf
      Tim Rühsen authored
      The punycode encoding was done on any input sizes, the output length check
      happened afterwards. Due to the O(N^2) nature of the encoding, this
      led to excessive CPU usage on large inputs.
      This was unneeded because the result was IDN2_TOO_BIG_DOMAIN anyways.
      
      It allowed a Denial-Of-Service (DOS) if the calling functions didn't
      have their own length check. In fact we saw this as timeout issues
      when fuzzing GnuTLS via OSS-Fuzz.
      
      The affected functions are idn2_lookup_u8(), idn2_lookup_ul(),
      idn2_to_ascii_4i(), idn2_to_ascii_4i2(), idn2_to_ascii_4z(),
      idn2_to_ascii_8z(), idn2_to_ascii_lz().
      
      Also the tool 'idn2' is affected in lookup/toASCII mode.
    • 8a99ab64
  12. 19 Jan, 2019 4 commits
  13. 12 Jan, 2019 2 commits
  14. 11 Jan, 2019 1 commit
  15. 10 Jan, 2019 3 commits
  16. 09 Jan, 2019 5 commits