Commit
34239ed89f5d141d3c27337f7b1629ee184460b8
by dsilversutils: Update guard checks in config.h Since glibc 2.38 the functions strchrnul and strcasestr have been exposed by default, rather than being hidden behind _GNU_SOURCE. We therefore use the GLIBC_PREREQ macro to check the version of the glibc headers and do not accidentally double-declare these functions. Signed-off-by: Daniel Silverstone <dsilvers@netsurf-browser.org>
|
| utils/config.h (diff) |
Commit
9e448ebfcd481bbce41b540c839a1f06d86423f4
by dsilversutils: Update config.h for confusing define problems For some reason, we have to use the __GLIBC_PREREQ macro in a more confined way otherwise the preprocessor gets confused. Signed-off-by: Daniel Silverstone <dsilvers@netsurf-browser.org>
|
| utils/config.h (diff) |
Commit
74791c02293e7230583a03244fd42e4b1d4990df
by dsilversutils: Belt and braces to satisfy gcc GCC was upset that it was theoretically possible for this format string to result in a buffer overrun. This is because it could not work out that `i` would never be negative. To silence the warning, we use %u and cast to unsigned during the formatting of the output filename. Signed-off-by: Daniel Silverstone <dsilvers@netsurf-browser.org>
|
| utils/filename.c (diff) |
Commit
8767befca60d6aa72836377573b41b30e7d00c93
by dsilversmonkey: Fix off-by-one which could result in overflow The buffer for storing the js_exec arguments could be one byte too small in which case bad things might happen. This fixes that. Signed-off-by: Daniel Silverstone <dsilvers@netsurf-browser.org>
|
| frontends/monkey/browser.c (diff) |
|
| content/handlers/javascript/duktape/Window.bnd (diff) |
|
| content/fetch.c (diff) |
|
| content/handlers/image/ico.c (diff) |
| content/handlers/image/bmp.c (diff) |
|
| content/hlcache.c (diff) |
| content/llcache.c (diff) |
|
| desktop/textarea.c (diff) |
|
| frontends/monkey/bitmap.c (diff) |
| frontends/monkey/dispatch.c (diff) |
| frontends/monkey/401login.c (diff) |
| frontends/monkey/browser.c (diff) |
| frontends/monkey/download.c (diff) |
Commit
4a50da326a6fc27da1be1edf068ab50ea919384e
by dsilversnsurl: Reject URLs with invalid host components The host component, by the time we hit the validation code, should be a valid DNS name. In theory it could also be an IPv6 address, but those are far more painful to deal with so we're ignoring that opportunity for now. This fixes a problem where the search_web_omni logic would fail to generate a search because nsurl_create() succeeded even though it shouldn't have. Signed-off-by: Daniel Silverstone <dsilvers@netsurf-browser.org>
|
| utils/nsurl/parse.c (diff) |
|
| docs/env.sh (diff) |
|
| docs/env.sh (diff) |
Commit
1b10fcedcf9f4d4209f5bd0308b14c4cee665141
by dsilversnsurl: Add underscore to permitted characters The host component must be a valid DNS name; and unfortunately underscores are present in some DNS names already, despite a 2019 decision to not issue them going forward. As such we permit the underscore as well in order to work with old-school URLs which may exist in the wild. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
|
| utils/nsurl/parse.c (diff) |
Commit
1cf1391916863002252564200d14129b742dd1ed
by dsilverstest: Correct nsurl case which should fail We were previously assuming a badly escaped hostname would not be a url parse failure; but in practice firefox expects it to fail and thus omnis to a search instead. This behaviour is expected, thus we update the test case. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
|
| test/nsurl.c (diff) |
Commit
553dc93ec8f414f475e4e6d5e66e0a7d6131da96
by dsilversnsurl: Add support for IPv6 literals Unfortunately, despite previous assertions to the contrary, we do need to deal with IPv6 literals. For now we validate just that they are encased by square brackets and consist only of hex digits and colons. We do not validate that they are actually valid IPv6 addresses. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
|
| utils/nsurl/parse.c (diff) |
|
| Makefile (diff) |
|
| content/handlers/html/layout_internal.h (diff) |
|
| content/handlers/css/dump.c (diff) |
| content/handlers/html/layout.c (diff) |
| content/handlers/html/layout_internal.h (diff) |
| content/handlers/html/box_special.c (diff) |
| content/handlers/html/table.c (diff) |
|
| content/handlers/html/layout.c (diff) |
|
| content/handlers/html/layout.c (diff) |
|
| content/handlers/html/layout.c (diff) |
|
| content/handlers/html/layout.c (diff) |
|
| content/handlers/html/layout_internal.h (diff) |
|
| content/handlers/css/dump.c (diff) |
|
| frontends/amiga/cookies.c (diff) |
| frontends/amiga/pageinfo.c (diff) |
| desktop/hotlist.h (diff) |
| frontends/atari/hotlist.c (diff) |
| frontends/amiga/corewindow.c (diff) |
| frontends/windows/main.c (diff) |
| desktop/treeview.h (diff) |
| desktop/gui_factory.c (diff) |
| frontends/atari/treeview.h (diff) |
| desktop/cookie_manager.c (diff) |
| frontends/atari/history.c (diff) |
| frontends/windows/global_history.c (diff) |
| desktop/hotlist.c (diff) |
| desktop/global_history.h (diff) |
| frontends/atari/treeview.c (diff) |
| frontends/amiga/history_local.c (diff) |
| frontends/atari/cookies.c (diff) |
| frontends/riscos/hotlist.c (diff) |
| desktop/gui_table.h (diff) |
| desktop/treeview.c (diff) |
| frontends/amiga/corewindow.h (diff) |
| frontends/windows/local_history.c (diff) |
| frontends/framebuffer/gui.c (diff) |
| frontends/gtk/corewindow.c (diff) |
| frontends/amiga/history.c (diff) |
| frontends/framebuffer/local_history.c (diff) |
| frontends/gtk/page_info.c (diff) |
| include/netsurf/core_window.h (diff) |
| desktop/cw_helper.h (diff) |
| desktop/global_history.c (diff) |
| desktop/cw_helper.c (diff) |
| desktop/local_history.h (diff) |
| frontends/windows/cookies.c (diff) |
| frontends/gtk/local_history.c (diff) |
| frontends/gtk/corewindow.h (diff) |
| frontends/gtk/gui.c (diff) |
| frontends/amiga/hotlist.c (diff) |
| desktop/page-info.c (diff) |
| frontends/framebuffer/corewindow.c (diff) |
| frontends/gtk/cookies.c (diff) |
| frontends/gtk/global_history.c (diff) |
| frontends/riscos/corewindow.h (diff) |
| frontends/windows/corewindow.h (diff) |
| frontends/riscos/pageinfo.c (diff) |
| desktop/cookie_manager.h (diff) |
| frontends/windows/corewindow.c (diff) |
| frontends/riscos/gui.c (diff) |
| desktop/page-info.h (diff) |
| frontends/riscos/corewindow.c (diff) |
| frontends/windows/hotlist.c (diff) |
| frontends/riscos/local_history.c (diff) |
| frontends/atari/gui.c (diff) |
| frontends/amiga/gui.c (diff) |
| frontends/gtk/hotlist.c (diff) |
| frontends/riscos/global_history.c (diff) |
| frontends/riscos/cookies.c (diff) |
| desktop/local_history.c (diff) |
| frontends/framebuffer/corewindow.h (diff) |
|
| desktop/treeview.c (diff) |
|
| frontends/atari/gui.c (diff) |
|
| test/calc/steps-full-width.html (diff) |
| test/calc/steps.html (diff) |
|
| utils/utils.h (diff) |
Commit
087f88ae8cc2b7f763dafa3522f9b0e57e914b3a
by dsilversbox_construct: clamp rowspan and colspan In order to not blow up on massive rowspan/colspan values (which could be an issue according to #2873) we clamp them according to the HTML spec section 4.9.11 Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
|
| content/handlers/html/box_construct.c (diff) |
|
| utils/nsurl/nsurl.c (diff) |
|
| utils/nsurl/parse.c (diff) |
Commit
758cafe4059b253e6c3f14e6eebaa5b2dadb7835
by dsilversidna: Bounds check during encode/decode Detected by some norwegian students who were doing security analysis, we would overrun buffers in idna_{en,de}code() so this corrects that problem. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
|
| utils/idna.c (diff) |
Commit
c3794ba8aa4bfa0717a2b678b355fa556f81438f
by dsilverstest: Add nsurl test to cover idna_{en,de}code() This adds regression checks for the security issue recently fixed in idna_{en,de}code(). Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
|
| test/nsurl.c (diff) |
Commit
24579fab5da8edc6c5485543a6436b76c789e6bd
by dsilversidna: use memcpy not strncpy Since we know the number of bytes we want to copy, just use memcpy instead of strncpy - this will be faster and hopefully will warn less on arm systems. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
|
| utils/idna.c (diff) |
|
| content/handlers/html/layout_internal.h (diff) |
| content/handlers/css/dump.c (diff) |
| content/handlers/html/box_special.c (diff) |
| content/handlers/html/layout.c (diff) |
| content/handlers/html/table.c (diff) |
|
| test/data/Choices (diff) |
| desktop/searchweb.h (diff) |
| frontends/amiga/gui_options.c (diff) |
| desktop/options.h (diff) |
| desktop/searchweb.c (diff) |
| test/data/Choices-all (diff) |
| frontends/amiga/gui.c (diff) |
| frontends/gtk/gui.c (diff) |
| frontends/gtk/preferences.c (diff) |