author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-14 14:22:07 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-14 14:13:06 +0000 |
commit | 01b3f792f17bcbaea0e873c50d27476ca48b8ef8 (patch) | |
tree | fba70a4dde8efc1f6e84da7f15ead0d14bbd61b3 | |
parent | c88d2026cc604c9cc7b42e4684eb480f12690e30 (diff) | |
download | qtwebengine-chromium-01b3f792f17bcbaea0e873c50d27476ca48b8ef8.tar.gz |
[Backport] CVE-2019-13659
Disallow combining Kana voiced sound marks (U+3099 and U+309A) in IDN
This CL disallows U+3099 and U+309A characters from domain names. Any IDN
containing these characters will be displayed as punycode.
As of July 2019, these characters are not used in any popular domains.
Bug: 868846
Change-Id: I7e36b30d7dcaf167fb3a6eb23b96f0aa4bd393ee
Reviewed-by: Christopher Thompson <cthomp@chromium.org>
Commit-Queue: Mustafa Emre Acer <meacer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#681043}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
-rw-r--r-- | chromium/components/url_formatter/idn_spoof_checker.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/chromium/components/url_formatter/idn_spoof_checker.cc b/chromium/components/url_formatter/idn_spoof_checker.cc index 56627da7599..6029873b282 100644 --- a/chromium/components/url_formatter/idn_spoof_checker.cc +++ b/chromium/components/url_formatter/idn_spoof_checker.cc @@ -327,6 +327,7 @@ bool IDNSpoofChecker::SafeToDisplayAsUnicode(base::StringPiece16 label, // character. Other combining diacritical marks are not in the allowed // character set. // - Disallow dotless i (U+0131) followed by a combining mark. + // - Disallow combining Kana voiced sound marks. // - Disallow U+0307 (dot above) after 'i', 'j', 'l' or dotless i (U+0131). // Dotless j (U+0237) is not in the allowed set to begin with. dangerous_pattern = new icu::RegexMatcher( @@ -341,6 +342,7 @@ bool IDNSpoofChecker::SafeToDisplayAsUnicode(base::StringPiece16 label, R"([a-z]\u30fb|\u30fb[a-z]|)" R"([^\p{scx=latn}\p{scx=grek}\p{scx=cyrl}][\u0300-\u0339]|)" R"(\u0131[\u0300-\u0339]|)" + R"(\u3099|\u309A|)" R"([ijl]\u0307)", -1, US_INV), 0, status); |
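Review bot: The new comment bullet in the first hunk (@@ -327,6 +327,7) does not name the code points, while the bullets around it do (U+0131, U+0307). Suggest writing it as "Disallow combining Kana voiced sound marks (U+3099 and U+309A)." so the comment can be matched against the regex alternative without going back to the commit message.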
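Review bot: No test accompanies the new alternative `R"(\u3099|\u309A|)"` in the second hunk (@@ -341,6 +342,7). The diffstat shows idn_spoof_checker.cc as the only file changed, so nothing here verifies that a label containing U+3099 or U+309A now falls back to punycode. Please add a test case for each mark, or note in the commit message why the tests were left out of the backport. As a style point, `\u309A` uses upper-case hex where the neighbouring alternatives use lower-case (`\u30fb`), and the two alternatives could be written as one character class, `[\u3099\u309a]`, matching the bracket style used in `[\u0300-\u0339]`.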