author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-15 10:29:01 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-16 11:01:01 +0000 |
commit | e8ba421d30c92f095346c574c0d2bbf7e6a10369 (patch) | |
tree | 4e14f1d10e8b9e9de76487932e2f31fed5b934cd | |
parent | 6ddab05a4c715e2a5f2792ba36ec4762c144355a (diff) | |
[Backport] CVE-2019-13663 [2/2]
Block CJK ideographs looking like slashes in domain names
This CL blocks the following characters from appearing in unicode domain names
when they're surrounded by non-Japanese scripts:
"丶" (CJK unified ideograph, U+4E36)
"乀" (CJK unified ideograph, U+4E40)
"乁" (CJK unified ideograph, U+4E41)
"丿" (CJK unified ideograph, U+4E3F)
None of these characters are currently used in domain names so the real world
impact is nil.
Bug: 863661
Change-Id: Ifc3a40d46d957bc99383445a71577a0cba744aec
Commit-Queue: Mustafa Emre Acer <meacer@chromium.org>
Reviewed-by: Tommy Li <tommycli@chromium.org>
Cr-Commit-Position: refs/heads/master@{#679205}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/components/url_formatter/idn_spoof_checker.cc | 16 | ||||
-rw-r--r-- | chromium/components/url_formatter/url_formatter_unittest.cc | 10 |
2 files changed, 21 insertions, 5 deletions
diff --git a/chromium/components/url_formatter/idn_spoof_checker.cc b/chromium/components/url_formatter/idn_spoof_checker.cc
index 47e42faed22..eba177be41b 100644
--- a/chromium/components/url_formatter/idn_spoof_checker.cc
+++ b/chromium/components/url_formatter/idn_spoof_checker.cc
@@ -310,10 +310,16 @@ bool IDNSpoofChecker::SafeToDisplayAsUnicode(base::StringPiece16 label,
 // regex is OR'ed with the | operator.
 dangerous_pattern = new icu::RegexMatcher(
 icu::UnicodeString(
- // Disallow the katakana no (U+30ce), so (U+30bd), zo (U+30be), or
- // n (U+30f3), as they may be mistaken for slashes when they're
- // surrounded by non-Japanese scripts (i.e. scripts other than
- // Katakana, Hiragana or Han). If {no, so, zo, n} next to a
+ // Disallow the following as they may be mistaken for slashes when
+ // they're surrounded by non-Japanese scripts (i.e. scripts other
+ // than Katakana, Hiragana or Han):
+ // "ノ" (Katakana no, U+30ce), "ソ" (Katakana so, U+30bd),
+ // "ゾ" (Katakana zo, U+30be), "ン" (Katakana n, U+30f3),
+ // "丶" (CJK unified ideograph, U+4E36),
+ // "乀" (CJK unified ideograph, U+4E40),
+ // "乁" (CJK unified ideograph, U+4E41),
+ // "丿" (CJK unified ideograph, U+4E3F).
+ // If {no, so, zo, n} next to a
 // non-Japanese script on either side is disallowed, legitimate
 // cases like '{vitamin in Katakana}b6' are blocked. Note that
 // trying to block those characters when used alone as a label is
@@ -323,7 +329,7 @@ bool IDNSpoofChecker::SafeToDisplayAsUnicode(base::StringPiece16 label,
 // string. See http://bugs.icu-project.org/trac/ticket/12823 .
 // TODO(jshin): adjust the pattern once the above ICU bug is fixed.
 R"([^\p{scx=kana}\p{scx=hira}\p{scx=hani}])"
- R"([\u30ce\u30f3\u30bd\u30be])"
+ R"([\u30ce\u30f3\u30bd\u30be\u4e36\u4e40\u4e41\u4e3f])"
 R"([^\p{scx=kana}\p{scx=hira}\p{scx=hani}]|)"
 // Disallow U+30FD (Katakana iteration mark) and U+30FE (Katakana 
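Review bot: The rewritten comment still closes with `// If {no, so, zo, n} next to a`, which names only the four Katakana, although the list just above it and the character class in the next hunk now include four ideographs as well. Rewording that line to `// If any of the above next to a` keeps the rationale in step with what the pattern actually rejects. The comment and the enclosing SafeToDisplayAsUnicode body both continue outside the hunk.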
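Review bot: The widened class `[\u30ce\u30f3\u30bd\u30be\u4e36\u4e40\u4e41\u4e3f]` still matches exactly one character between two neighbours that are not Katakana, Hiragana or Han, and the four added code points are themselves Han. A run of two or more of them between Latin letters therefore appears not to match this alternative, because each one has a Han neighbour. The new rows in url_formatter_unittest.cc cover a single ideograph between Latin letters and an all-ideograph label, but not that case. If no other alternative in the pattern (not visible in this hunk) rejects it, consider quantifying the class, `R"([\u30ce\u30f3\u30bd\u30be\u4e36\u4e40\u4e41\u4e3f]+)"`, and add a test row that pins the expected result either way.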
diff --git a/chromium/components/url_formatter/url_formatter_unittest.cc b/chromium/components/url_formatter/url_formatter_unittest.cc index b55a37d27d4..1a309905b4e 100644 --- a/chromium/components/url_formatter/url_formatter_unittest.cc +++ b/chromium/components/url_formatter/url_formatter_unittest.cc @@ -1042,6 +1042,16 @@ const IDNTestCase idn_cases[] = { // U+4E00 with another ideograph. {"xn--4gqc.com", L"一丁.com", true}, + // CJK ideographs looking like slashes should be blocked when next to + // non-CJK. + {"example.xn--comtest-k63k", L"example.com丶test", false}, + {"example.xn--comtest-u83k", L"example.com乀test", false}, + {"example.xn--comtest-283k", L"example.com乁test", false}, + {"example.xn--comtest-m83k", L"example.com丿test", false}, + // This is allowed because the ideographs are not immediately next to + // non-CJK. + {"xn--oiqsace.com", L"丶乀乁丿.com", true}, + // Kana voiced sound marks are not allowed. {"xn--google-1m4e.com", L"google\x3099.com", false}, {"xn--google-8m4e.com", L"google\x309A.com", false}, |
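Review bot: Both added comments say "non-CJK", but the pattern these rows exercise exempts only Katakana, Hiragana and Han neighbours, so a Hangul neighbour, which is CJK in the usual sense, would presumably still trigger the block. Wording the first as `// non-Japanese scripts (other than Katakana, Hiragana or Han).` would match the comment in idn_spoof_checker.cc. The comment on the `true` row could also state that the ideographs sit at the start and end of the label, since that is why no three-character window matches. The idn_cases[] array starts and ends outside the hunk.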