Since we know the number of bytes we want to copy, just use memcpy
instead of strncpy - this will be faster and hopefully will warn
less on arm systems.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
This adds regression checks for the security issue recently fixed
in idna_{en,de}code().
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Detected by some norwegian students who were doing security
analysis, we would overrun buffers in idna_{en,de}code() so
this corrects that problem.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In order to not blow up on massive rowspan/colspan values (which
could be an issue according to #2873) we clamp them according to
the HTML spec section 4.9.11
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Unfortunately, despite previous assertions to the contrary,
we do need to deal with IPv6 literals. For now we validate
just that they are encased by square brackets and consist only
of hex digits and colons. We do not validate that they are
actually valid IPv6 addresses.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
We were previously assuming a badly escaped hostname would
not be a url parse failure; but in practice firefox expects
it to fail and thus omnis to a search instead. This behaviour
is expected, thus we update the test case.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
The host component must be a valid DNS name; and unfortunately
underscores are present in some DNS names already, despite a 2019
decision to not issue them going forward. As such we permit the
underscore as well in order to work with old-school URLs which may
exist in the wild.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
The host component, by the time we hit the validation code, should
be a valid DNS name. In theory it could also be an IPv6 address,
but those are far more painful to deal with so we're ignoring that
opportunity for now.
This fixes a problem where the search_web_omni logic would fail
to generate a search because nsurl_create() succeeded even though
it shouldn't have.
Signed-off-by: Daniel Silverstone <dsilvers@netsurf-browser.org>
The buffer for storing the js_exec arguments could be one
byte too small in which case bad things might happen. This
fixes that.
Signed-off-by: Daniel Silverstone <dsilvers@netsurf-browser.org>
GCC was upset that it was theoretically possible for this
format string to result in a buffer overrun. This is because
it could not work out that `i` would never be negative. To
silence the warning, we use %u and cast to unsigned during the
formatting of the output filename.
Signed-off-by: Daniel Silverstone <dsilvers@netsurf-browser.org>
For some reason, we have to use the __GLIBC_PREREQ macro
in a more confined way otherwise the preprocessor gets confused.
Signed-off-by: Daniel Silverstone <dsilvers@netsurf-browser.org>
Since glibc 2.38 the functions strchrnul and strcasestr have been
exposed by default, rather than being hidden behind _GNU_SOURCE.
We therefore use the GLIBC_PREREQ macro to check the version of
the glibc headers and do not accidentally double-declare these
functions.
Signed-off-by: Daniel Silverstone <dsilvers@netsurf-browser.org>
Chris Young