Meant to say "On newer versions we *DON'T* set it to allow certain normally disallowed characters in domain names, like underscore."
On 05.04.20 19:13, Tim Rühsen wrote: > Hi Mats, > > On 05.04.20 17:28, Mats Erik Andersson wrote: >> Hello there, >> >> since Simon Josefsson and Tim Rühsen are both involved in libidn2, >> this bug is doubly relevant here. > > The bug is more relevant because Simon and I are involved in libidn2 ? > I don't understand - could could explain ? > > I added [email protected] to get the experts in. > >> The following call >> >> host = "::1"; >> >> idna_to_ascii_lz(host, &newhost, 0); >> >> results in >> >> newhost = "1" >> >> when executed on OpenBSD 6.3 with libidn2. This is clearly not intended. >> Right? > > This is right, when the IDN2_USE_STD3_ASCII_RULES flag is set. That flag > is set by default on older versions of libidn2. > On newer versions we set it to allow certain normally disallowed > characters in domain names, like underscore. > > From the NEWS file: > * Version 2.0.3 (released 2017-07-24) [beta] > > ** %IDN2_USE_STD3_ASCII_RULES disabled by default. > Previously we were eliminating non-STD3 characters from domain strings > such as _443._tcp.example.com, or IPs 1.2.3.4/24 provided to libidn2 > functions. That was an unexpected regression for applications switching > from libidn and thus it is no longer applied by default. > Use %IDN2_USE_STD3_ASCII_RULES to enable that behavior again. > > >> In contrast, FreeBSD 11 with libidn and OpenIndiana with libidn2, both lead >> to >> >> newhost = "::1" > > That is a newer version of libidn2 then. > >> which is to be expected of an IPv6 address. Similarly, the OpenBSD+libidn2 >> call transforms the legal "::ffff:127.0.0.1" for the corrupted >> "ffff127.0.0.1". >> >> Thus the compatibility call idna_to_ascii_lz() in libidn2 strips off every >> colon, >> when executed on OpenBSD but not on OpenIndiana. Explanation? Resolution? >> I get two failed tests with OpenBSD, but none with OpenIndiana! > > The resolution is to update libidn2 to 2.3.0. Please check the NEWS file > for fixed bugs and vulnerabilities. > > Regards, Tim >
signature.asc
Description: OpenPGP digital signature
