[Backport] CVE-2019-13674

Added Georgian d to confusables mapping Added Georgian d to mapping of frequently confused symbol based on idn spoofing possibility of d4000.com Bug: 896533 Change-Id: I2c308379ffa9d4b67923dee3d40700c0c733a696 Reviewed-by: Tommy Li <tommycli@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Commit-Queue: Cynthia Liang <liangcyn@google.com> Cr-Commit-Position: refs/heads/master@{#677585} Reviewed-by: Michael Brüning <michael.bruning@qt.io>
author: Allan Sandfeld Jensen <allan.jensen@qt.io> 2019-10-17 11:09:33 +0200
committer: Allan Sandfeld Jensen <allan.jensen@qt.io> 2019-10-21 08:12:54 +0000
commit: 32d77d99be3f461a13c393167d61e107c800a364 (patch)
tree: 9769cdd2b27f779452d214c785f6557fc1904282
parent: 4f553e3a0c6270e66a64ec88f2212d4bc55742e8 (diff)
download: qtwebengine-chromium-32d77d99be3f461a13c393167d61e107c800a364.tar.gz
4 files changed, 18 insertions, 5 deletions
diff --git a/chromium/components/url_formatter/idn_spoof_checker.cc b/chromium/components/url_formatter/idn_spoof_checker.cc
index eba177be41b..6318a4165ef 100644
--- a/chromium/components/url_formatter/idn_spoof_checker.cc
+++ b/chromium/components/url_formatter/idn_spoof_checker.cc
@@ -199,8 +199,8 @@ IDNSpoofChecker::IDNSpoofChecker() {
   //   - {U+0493 (ғ), U+04FB (ӻ)} => f
   //   - {U+04AB (ҫ), U+1004 (င)} => c
   //   - U+04B1 (ұ) => y
-  //   - U+03C7 (χ), U+04B3 (ҳ), U+04FD (ӽ), U+04FF (ӿ) => x
-  //   - U+0503 (ԃ) => d
+  //   - {U+03C7 (χ), U+04B3 (ҳ), U+04FD (ӽ), U+04FF (ӿ)} => x
+  //   - {U+0503 (ԃ), U+10EB (ძ)} => d
   //   - {U+050D (ԍ), U+100c (ဌ)} => g
   //   - {U+0D1F (ട), U+0E23 (ร), U+0EA3 (ຣ), U+0EAE (ຮ)} => s
   //   - U+1042 (၂) => j
@@ -224,7 +224,7 @@ IDNSpoofChecker::IDNSpoofChecker() {
           "[ŧтҭԏ] > t; [ƅьҍв] > b;  [ωшщพฟພຟ] > w;"
           "[мӎ] > m; [єҽҿၔ] > e; ґ > r; [ғӻ] > f;"
           "[ҫင] > c; ұ > y; [χҳӽӿ] > x;"
-          "ԃ  > d; [ԍဌ] > g; [ടรຣຮ] > s; ၂ > j;"
+          "[ԃძ]  > d; [ԍဌ] > g; [ടรຣຮ] > s; ၂ > j;"
           "[०০੦૦ଠ୦೦] > o;"
           "[৭੧૧] > q;"
           "[บບ] > u;"
@@ -232,8 +232,7 @@ IDNSpoofChecker::IDNSpoofChecker() {
           "[зҙӡउওਤ੩૩౩ဒვპ] > 3;"
           "[੫] > 4;"
           "[৪੪୫] > 8;"
-          "[૭୨౨] > 9;"
-      ),
+          "[૭୨౨] > 9;"),
       UTRANS_FORWARD, parse_error, status));
   DCHECK(U_SUCCESS(status))
       << "Spoofchecker initalization failed due to an error: "
diff --git a/chromium/components/url_formatter/top_domains/test_domains.list b/chromium/components/url_formatter/top_domains/test_domains.list
index 33a13ab49a1..b0b96dca31d 100644
--- a/chromium/components/url_formatter/top_domains/test_domains.list
+++ b/chromium/components/url_formatter/top_domains/test_domains.list
@@ -1,3 +1,4 @@
+d4000.com
 digklmo68.com
 digklmo68.co.uk
 islkpx123.com
diff --git a/chromium/components/url_formatter/top_domains/test_domains.skeletons b/chromium/components/url_formatter/top_domains/test_domains.skeletons
index b4c6cb41847..221316a3260 100644
--- a/chromium/components/url_formatter/top_domains/test_domains.skeletons
+++ b/chromium/components/url_formatter/top_domains/test_domains.skeletons
@@ -9,6 +9,7 @@
 # Each entry is the skeleton of a top domain for the confusability check
 # in components/url_formatter/url_formatter.cc.
 
+d4OOO.corn, d4000.com
 digklrno68.corn, digklmo68.com
 digklrno68.co.uk, digklmo68.co.uk
 islkpxl23.corn, islkpx123.com
diff --git a/chromium/components/url_formatter/url_formatter_unittest.cc b/chromium/components/url_formatter/url_formatter_unittest.cc
index 1a309905b4e..de4eed0bf0a 100644
--- a/chromium/components/url_formatter/url_formatter_unittest.cc
+++ b/chromium/components/url_formatter/url_formatter_unittest.cc
@@ -135,6 +135,13 @@ const IDNTestCase idn_cases[] = {
     {"xn---123-kbjl2j0bl2k.in", L"\x0939\x093f\x0928\x094d\x0926\x0940-123.in",
      true},
 
+    // URL test with mostly numbers and one confusable character
+    // Georgian 'd' 4000.com
+    {"xn--4000-pfr.com",
+     L"\x10eb"
+     L"4000.com",
+     false},
+
     // What used to be 5 Aspirational scripts in the earlier versions of UAX 31.
     // UAX 31 does not define aspirational scripts any more.
     // See http://www.unicode.org/reports/tr31/#Aspirational_Use_Scripts .
@@ -170,6 +177,11 @@ const IDNTestCase idn_cases[] = {
     {"xn--hllo-bpa7979ih5m.cn", L"h\x00e9llo\x4e2d\x56fd.cn", false},
     // <Greek rho><Cyrillic a><Cyrillic u>.ru
     {"xn--2xa6t2b.ru", L"\x03c1\x0430\x0443.ru", false},
+    // Georgian + Latin
+    {"xn--abcef-vuu.test",
+     L"abc\x10eb"
+     L"ef.test",
+     false},
     // Hangul + Latin
     {"xn--han-eb9ll88m.kr", L"\xd55c\xae00han.kr", true},
     // Hangul + Latin + Han with IDN ccTLD
author	Allan Sandfeld Jensen <allan.jensen@qt.io>	2019-10-17 11:09:33 +0200
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2019-10-21 08:12:54 +0000
commit	32d77d99be3f461a13c393167d61e107c800a364 (patch)
tree	9769cdd2b27f779452d214c785f6557fc1904282
parent	4f553e3a0c6270e66a64ec88f2212d4bc55742e8 (diff)
download	qtwebengine-chromium-32d77d99be3f461a13c393167d61e107c800a364.tar.gz