authorMichael Brüning <michael.bruning@qt.io>2019-12-03 19:13:48 +0100
committerMichael Brüning <michael.bruning@qt.io>2019-12-05 13:24:00 +0000
commit4f7d6ea2e7961a0b688202f65194915d4d1af12f (patch)
tree6d2d1af4baa4c835c1ea8ac3b9c937f372ec2d0c
parenta18a01d6531a06879e81f2be50b5090bb0b96c38 (diff)
downloadqtwebengine-chromium-4f7d6ea2e7961a0b688202f65194915d4d1af12f.tar.gz
[Backport] CVE-2019-13659
Manual backport Disallow combining Kana voiced sound marks (U+3099 and U+309A) in IDN This CL disallows U+3099 and U+309A characters from domain names. Any IDN containing these characters will be displayed as punycode. As of July 2019, these characters are not used in any popular domains. Bug: 868846 Commit-Queue: Mustafa Emre Acer <meacer@chromium.org> Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io> Change-Id: I0d10343ad9b4a0cafa6f4739162a5095a8a80e16 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r--chromium/components/url_formatter/url_formatter.cc2
1 files changed, 2 insertions, 0 deletions
diff --git a/chromium/components/url_formatter/url_formatter.cc b/chromium/components/url_formatter/url_formatter.cc
index ca252040a30..8a9c2b95310 100644
--- a/chromium/components/url_formatter/url_formatter.cc
+++ b/chromium/components/url_formatter/url_formatter.cc
@@ -415,6 +415,7 @@ bool IDNSpoofChecker::Check(base::StringPiece16 label, bool is_tld_ascii) {
// - Disallow combining diacritical mark (U+0300-U+0339) after a non-LGC
// character. Other combining diacritical marks are not in the allowed
// character set.
+ // - Disallow combining Kana voiced sound marks.
// - Disallow U+0307 (dot above) after 'i', 'j', 'l' or dotless i (U+0131).
// Dotless j (U+0237) is not in the allowed set to begin with.
dangerous_pattern = new icu::RegexMatcher(
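Review bot: The added comment line `// - Disallow combining Kana voiced sound marks.` gives no code points, while the neighbouring entries visible here do (U+0300-U+0339, U+0307, U+0131). I would write `// - Disallow combining Kana voiced sound marks (U+3099 and U+309A) anywhere in the label.`, since the alternative added to the pattern in the next hunk carries no preceding-character condition. The comment list and the RegexMatcher construction both continue outside this hunk.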
@@ -428,6 +429,7 @@ bool IDNSpoofChecker::Check(base::StringPiece16 label, bool is_tld_ascii) {
"^[\\p{scx=hira}]+[\\u30d8-\\u30da][\\p{scx=hira}]+$|"
"[a-z]\\u30fb|\\u30fb[a-z]|"
"[^\\p{scx=latn}\\p{scx=grek}\\p{scx=cyrl}][\\u0300-\\u0339]|"
+ "\\u3099|\\u309A|"
"[ijl\\u0131]\\u0307",
-1, US_INV),
0, status);
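Review bot: The added alternative `"\\u3099|\\u309A|"` writes one escape in upper-case hex while the other escapes in the visible pattern are lower-case (`\\u30d8-\\u30da`, `\\u30fb`, `\\u0131`). A single class, `"[\\u3099\\u309a]|"`, matches the same two code points and reads like the neighbouring lines. The diffstat lists only url_formatter.cc, so the backport appears to carry no test. Because this pattern decides whether a label is displayed as Unicode or as punycode, a test case for each mark expecting the punycode form would guard against the alternative being lost in a later merge. The pattern literal starts above the hunk.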