libuv: backport IDNA input/output hardening fixes

Backport libuv commit `0f2d7e78` (fix: always zero-terminate idna output, 2024-01-18, `v1.48.0~4`) and libuv commit `3530bcc3` (fix: reject zero-length idna inputs, 2024-01-18, `v1.48.0~3`). Fixes: #26112
2025-12-31 10:50:16 -06:00 · 2024-07-15 15:47:31 -04:00
parent b9e2f6828f
commit 890beb19e6
1 changed files with 6 additions and 2 deletions
--- a/Utilities/cmlibuv/src/idna.c
+++ b/Utilities/cmlibuv/src/idna.c
@@ -274,6 +274,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
  char* ds;
  int rc;

+  if (s == se)
+    return UV_EINVAL;
+
  ds = d;

  si = s;
@@ -308,8 +311,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
      return rc;
  }

-  if (d < de)
-    *d++ = '\0';
+  if (d >= de)
+    return UV_EINVAL;

+  *d++ = '\0';
  return d - ds;  /* Number of bytes written. */
 }