Bug #76829 Incorrect validation of domain on idn_to_utf8() function
Submitted: 2018-08-31 14:45 UTC Modified: 2018-08-31 17:46 UTC
From: dsromashov at yandex dot ru Assigned:
Status: Closed Package: intl (PECL)
PHP Version: 7.0.31 OS:
Private report: No CVE-ID: None
 [2018-08-31 14:45 UTC] dsromashov at yandex dot ru
In the source code I see that the comparison with 255 bytes is made after conversion to Unicode by the uidna_nameToUnicodeUTF8() function, and that is wrong.
So domain 'абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаеж.рф' has 264 bytes, so idn_to_utf8() function returns false.

RFC 589: U-label Lengths section:
"Because A-labels (the form actually used in the DNS) are potentially much more compressed than UTF-8 (and UTF-8 is, in general, more compressed that UTF-16 or UTF-32), U-labels that obey all of the relevant symmetry (and other) constraints of these documents may be quite a bit longer, potentially up to 252 characters (Unicode code points).  A fully-qualified domain name containing several such labels can obviously also exceed the nominal 255 octet limit for such names.  Application authors using U-labels must exert due caution to avoid buffer overflow and truncation errors and attacks in contexts where shorter strings are expected."

So the comparison with 255 bytes needs to be made against the punycode form of the domain, not the Unicode form.

Test script:
<?php
// Convert the Unicode domain to its punycode (A-label) form.
$punycode = idn_to_ascii('абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаеж.рф', IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);

// Convert it back to Unicode and dump the result.
$unicode = idn_to_utf8($punycode, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
var_dump($unicode);


Expected result:
string(294) "абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаежзи.абвгдаеж.рф"

Actual result:


 [2018-08-31 17:46 UTC]
-Package: idn +Package: intl
 [2018-08-31 22:21 UTC]
Automatic comment on behalf of ab
Log: Fixed bug #76829 Incorrect validation of domain on idn_to_utf8() function
 [2018-08-31 22:21 UTC]
-Status: Open +Status: Closed
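
Added example, not part of the report and not code from php-src: a length check that applies the DNS limits to the A-label (punycode) form and reports the UTF-8 size separately, since the RFC passage quoted above warns that the Unicode form can exceed 255 octets. The helper name idn_measure() and the array keys are hypothetical, and the intl extension is assumed to be loaded.

```php
<?php
// Added example. DNS limits (63 octets per label, 253 for the dotted name)
// are checked on the A-label form only. The UTF-8 size is returned as a
// separate number because that is what a caller's buffer has to hold.

/**
 * Hypothetical helper: measure a domain in both forms.
 * Returns false if conversion fails or the A-label form breaks a DNS limit.
 */
function idn_measure(string $domain)
{
    $ascii = idn_to_ascii($domain, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
    if ($ascii === false) {
        return false;
    }
    // Ignore a single trailing root dot when counting.
    $name = (substr($ascii, -1) === '.') ? substr($ascii, 0, -1) : $ascii;
    if ($name === '' || strlen($name) > 253) {
        return false;
    }
    foreach (explode('.', $name) as $label) {
        if ($label === '' || strlen($label) > 63) {
            return false;
        }
    }
    return [
        'ascii'       => $ascii,
        'ascii_bytes' => strlen($name),
        'utf8_bytes'  => strlen($domain), // size of the input as supplied
    ];
}

// Domain from the report, rebuilt here: 13 ten-letter labels,
// one eight-letter label, then "рф".
$domain = str_repeat('абвгдаежзи.', 13) . 'абвгдаеж.рф';

$m = idn_measure($domain);
if ($m === false) {
    echo "rejected: A-label form is not a valid DNS name\n";
} else {
    printf("A-label form: %d bytes, UTF-8 form: %d bytes\n",
           $m['ascii_bytes'], $m['utf8_bytes']);
    // Code that stores the Unicode form must size its buffer from
    // utf8_bytes, not from the 255-octet DNS limit.
    var_dump($m['utf8_bytes'] > 255);
}
```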
Last updated: Sat Mar 02 05:01:28 2024 UTC