New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simplify IDNA usage and switch to libidn2 when needed #97
Conversation
Note also that my goal was to switch to IDNA2008 completely, however, since most programs used libc's IDN functions, I changed the rest to do the same (except ping6). |
I'm on the phone, but I recall some security issues with libidn2, is everything OK? Do you have some "tests" to run to verify correct behaviour? Also, these days we're already able yo build iputils with meson.build, so please also include changes to build with meson :) |
There were security issues with both libidn and libidn2, but at this point libidn2 is much better tested and fuzzed than any library I've worked with: I could introduce some tests with internationalized names. Is there some testsuite I could add some checks at? |
|
9389bc4
to
cb17c9c
Compare
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
The function was converting from locale to UTF-8, performing some check and then converting to IDNA form. Convert instead directly to IDNA from locale format and perform the check afterwards. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
85f6718
to
0eaa8f8
Compare
4286718
to
1990d61
Compare
@okias It seems that by using libidn2 compatibility functions we can compile it even in ubuntu trusty. The current version of the patch does that. |
That is, to provide IDNA2008 support instead of IDNA2003. See https://fedoraproject.org/wiki/Changes/IDNA2008 for more rationale. That uses libidn2 idn2_lookup_ul() which is identical to idn2_to_ascii_lz() but is available on all versions of libidn2. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
This enables compilation with the functionality intended to be tested. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Just checking - final version? Build seems to be passing, should I check it and merge? |
Yes, that's my final version. |
Thank you! |
That is, use libc's
AI_IDN
consistently. In the case IDNA conversions are needed that cannot be delegated to libc, use libidn2 which implements the IDNA2008 standard (libidn implements the currently obsolete IDNA2003).