-
Notifications
You must be signed in to change notification settings - Fork 29.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
dns: use IDNA 2008 to encode non-ascii hostnames
Before this commit, Node.js left it up to the system resolver or c-ares. Leaving it to the system resolver introduces platform differences because: * some support IDNA 2008 * some only IDNA 2003 (glibc until 2.28), and * some don't support IDNA at all (musl libc) c-ares doesn't support IDNA either although curl does, by virtue of linking against libidn2. Upgrading from libidn1 to libidn2 in order to get proper IDNA 2008 support was the fix for curl's CVE-2016-8625. libidn2 is not an option (incompatible license) but ICU has an IDNA API and we already use that in one place. For non-ICU builds, we fall back to the bundled punycode.js that also supports IDNA 2008. Fixes: https://github.com/nodejs-private/security/issues/97 Fixes: #25558 PR-URL: #25679 Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
- Loading branch information
1 parent
6d9af41
commit c82f244
Showing
7 changed files
with
51 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
'use strict'; | ||
|
||
if (process.binding('config').hasIntl) { | ||
const { toASCII, toUnicode } = internalBinding('icu'); | ||
module.exports = { toASCII, toUnicode }; | ||
} else { | ||
const { toASCII, toUnicode } = require('punycode'); | ||
module.exports = { toASCII, toUnicode }; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
'use strict'; | ||
|
||
// Verify that non-ASCII hostnames are handled correctly as IDNA 2008. | ||
// | ||
// * Tests will fail with NXDOMAIN when UTF-8 leaks through to a getaddrinfo() | ||
// that doesn't support IDNA at all. | ||
// | ||
// * "straße.de" will resolve to the wrong address when the resolver supports | ||
// only IDNA 2003 (e.g., glibc until 2.28) because it encodes it wrong. | ||
|
||
const { mustCall } = require('../common'); | ||
const assert = require('assert'); | ||
const dns = require('dns'); | ||
|
||
const [host, expectedAddress] = ['straße.de', '81.169.145.78']; | ||
|
||
dns.lookup(host, mustCall((err, address) => { | ||
assert.ifError(err); | ||
assert.strictEqual(address, expectedAddress); | ||
})); | ||
|
||
dns.promises.lookup(host).then(mustCall(({ address }) => { | ||
assert.strictEqual(address, expectedAddress); | ||
})); | ||
|
||
dns.resolve4(host, mustCall((err, addresses) => { | ||
assert.ifError(err); | ||
assert.deepStrictEqual(addresses, [expectedAddress]); | ||
})); | ||
|
||
new dns.promises.Resolver().resolve4(host).then(mustCall((addresses) => { | ||
assert.deepStrictEqual(addresses, [expectedAddress]); | ||
})); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters