libuv/backport-0001-CVE-2024-24806.patch

From 0f2d7e784a256b54b2385043438848047bc2a629 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Thu, 18 Jan 2024 14:51:40 +0100
Subject: [PATCH] fix: always zero-terminate idna output

Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
---
 src/idna.c       | 5 +++--
 test/test-idna.c | 4 ++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/idna.c b/src/idna.c
index 3cf79ca94b1..4638546d020 100644
--- a/src/idna.c
+++ b/src/idna.c
@@ -356,9 +356,10 @@ ssize_t uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
       return rc;
   }
 
-  if (d < de)
-    *d++ = '\0';
+  if (d >= de)
+    return UV_EINVAL;
 
+  *d++ = '\0';
   return d - ds;  /* Number of bytes written. */
 }
 
diff --git a/test/test-idna.c b/test/test-idna.c
index bcacfc8a3ad..5f8d696a7f0 100644
--- a/test/test-idna.c
+++ b/test/test-idna.c
@@ -100,6 +100,7 @@ TEST_IMPL(utf8_decode1) {
 TEST_IMPL(utf8_decode1_overrun) {
   const char* p;
   char b[1];
+  char c[1];
 
   /* Single byte. */
   p = b;
@@ -113,6 +114,9 @@ TEST_IMPL(utf8_decode1_overrun) {
   ASSERT_EQ((unsigned) -1, uv__utf8_decode1(&p, b + 1));
   ASSERT_PTR_EQ(p, b + 1);
 
+  b[0] = 0x7F;
+  ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
+
   return 0;
 }