* src/http.c (resp_new): Replace \r\n by space in continuation lines
Fixes #53763
"Malicious website can write arbitrary cookie entries to cookie jar"
HTTP header parsing left the \r\n from continuation lines intact.
The Set-Cookie code didn't check and could be tricked to write
\r\n into the cookie jar, allowing a server to generate cookies at will.
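The continuation-line handling that the fix above describes, as an added illustration (not wget's own resp_new code): unfold the header block so the CRLF before a continuation line becomes a single space, and refuse to write any cookie value that still carries CR or LF, since those bytes would start a forged line in the cookie jar.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unfold an HTTP header block: a line starting with SP or HT continues
 * the previous header, and the CRLF before it is replaced by one space.
 * Returns the number of bytes written to out, or -1 if out is too small. */
static int unfold_headers(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    const char *p = in;

    while (*p) {
        const char *eol = strstr(p, "\r\n");
        size_t len = eol ? (size_t)(eol - p) : strlen(p);

        /* room for this line, at most two separator bytes, and the NUL */
        if (o + len + 2 >= outsz)
            return -1;
        memcpy(out + o, p, len);
        o += len;
        if (!eol)
            break;
        p = eol + 2;
        if (*p == ' ' || *p == '\t') {
            out[o++] = ' ';                  /* continuation: CRLF -> space */
            while (*p == ' ' || *p == '\t')
                p++;
        } else {
            out[o++] = '\r';                 /* end of this header line */
            out[o++] = '\n';
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Guard for the cookie-jar writer: a value that still contains CR or LF
 * would be written as extra lines, i.e. server-chosen cookie entries. */
static int cookie_value_is_safe(const char *value)
{
    return strpbrk(value, "\r\n") == NULL;
}

int main(void)
{
    /* constructed response header block with a folded Set-Cookie line */
    const char *raw = "Set-Cookie: a=b\r\n c=d\r\nX-Test: y\r\n";
    char buf[256];
    if (unfold_headers(raw, buf, sizeof buf) < 0)
        return 1;
    printf("%s", buf);
    return cookie_value_is_safe("a=b\r\n c=d") ? 1 : 0;
}
```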
* tests/Test-https-badcerts.px: Fix test return value
* tests/Test-https-crl.px: Likewise
* README: How to create certs with GnuTLS's certtool
* tests/certs/revokedcrl.pem: Recreated revocation
* tests/certs/server.crt: Recreated server cert with no expiry
* tests/certs/test-ca-cert.pem: Recreated CA cert with no expiry
* src/openssl.c (init_prng): keep gathering entropy even though we
already have enough
(ssl_connect_with_timeout_callback): reseed PRNG again just before
the handshake
Reported-by: Jeffrey Walton <noloader@gmail.com>
This commit hardens SSL/TLS a bit more in the following ways:
* Explicitly exclude NULL authentication and the 'MEDIUM' cipher list
category. Only ciphers in the 'HIGH' level are considered - this
includes all symmetric ciphers with key lengths larger than 128 bits,
and some ('modern') 128-bit ciphers, such as AES in GCM mode.
* Allow RSA key exchange by default, but exclude it when
Perfect Forward Secrecy is desired (with --secure-protocol=PFS).
* Introduce new option --ciphers to set the cipher list that the SSL/TLS
engine will favor. This string is fed directly to the underlying TLS
library (GnuTLS or OpenSSL) without further processing, and hence its
format and syntax are directly dependent on the specific library.
Reported-by: Jeffrey Walton <noloader@gmail.com>
* src/css-url.c (get_uri_string): Check input length
* fuzz/wget_css_fuzzer.repro/buffer-overflow-6600180399865856:
Add reproducer corpus
Fixes OSS-Fuzz issue #8033.
This is a long standing bug affecting all versions <= 1.19.4.
* src/css-url.c (get_urls_css): Check input string length
* fuzz/wget_css_fuzzer.repro/negative-size-param-5724866467594240:
Add reproducer corpus
Fixes OSS-Fuzz issue #8032.
This is a long standing bug affecting all versions <= 1.19.4.
* fuzz/Makefile.am: Do not include corpora in tarball
* fuzz/main.c: SKIP if corpora directory isn't found (make check)
The fuzz corpora are thousands of files, not needed for a standard build
from a distribution tarball. The reproducers of former issues are being
included for regression testing.
* src/css-tokens.h: Add enums and fixate values
* src/css.l: Include config.h,
ignore several compiler warnings,
update the grammar to CSS 2.2
Fixes OSS-Fuzz issue #8010 (slowness issue).
This is a long standing bug affecting all versions <= 1.19.4.
Some crafted CSS input was extremely slow / CPU wasting, so it could
be used as a DoS attack against website scanning.
The code/grammar changes were backported from Wget2.x.
* fuzz/Makefile.am: Add wget_ftpls_fuzzer
* fuzz/wget_ftpls_fuzzer.c: New fuzzer
* fuzz/wget_ftpls_fuzzer.dict: Fuzzer dictionary
* fuzz/wget_ftpls_fuzzer.in/starter: Starting corpus
* src/ftp-ls.c: Parsing functions take FILE * as argument,
new function ftp_parse_ls_fp()
* src/ftp.c: Remove static from freefileinfo()
* src/ftp.h: Add ftp_parse_ls_fp() and freefileinfo()