From 40dad53252e82eb4ee6e0c000e0c9ab15c7af312 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Thu, 18 Jan 2024 14:51:40 +0100
Subject: [PATCH] fix: always zero-terminate idna output

CVE: CVE-2024-24806
Upstream commit: 0f2d7e784a256b54b2385043438848047bc2a629

Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
---
 src/idna.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/idna.c b/src/idna.c
index 13ffac6b..874f1caf 100644
--- a/src/idna.c
+++ b/src/idna.c
@@ -284,8 +284,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
       return rc;
   }
 
-  if (d < de)
-    *d++ = '\0';
+  if (d >= de)
+    return UV_EINVAL;
 
+  *d++ = '\0';
   return d - ds;  /* Number of bytes written. */
 }
-- 
2.43.0