author: meacer <meacer@chromium.org> 2019-11-08 15:23:47 +0000
committer: Michael Brüning <michael.bruning@qt.io> 2020-03-06 12:04:03 +0000
commit: 25b6ec913a1eca2608e9a056c62ddb15d0e15640
tree: 751adb16e24eb8b0b0c722baa2c89ce158c6f453
parent: b88a10e7a666792cc8a2d9a9310748a79b1f032b
[Backport] CVE-2020-6401 (3/3)
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/1904761:
Disallow Latin Small Letter Schwa (U+0259) for domains outside .az TLD

The letter "ə" (U+0259) can be confused with both "e" and "a" when used
in domain names. IDN spoof checker currently doesn't have a way of
treating a single character as confusable with multiple characters, so
the only option is to map this letter to either "e" or "a" but not both.
This is obviously not desirable since the Schwa can be used to spoof
the non-mapped character. As a result, there is no straightforward
solution other than limiting the character to .az domains (The letter
is used commonly in Azerbaijani language).

This fix affects ~250 registered domains containing the letter "ə".
However, only ~40 of these domains serve some sort of content, the rest
are either parked or don't serve content. Furthermore, only 1 of these
domains appears in usage logs and the domain is not widely used, so this
is probably a safe change.

Bug: 1017707
Change-Id: I18a32d193e9290babd9199c7d55d127f7b33bd42
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
-rw-r--r-- chromium/components/url_formatter/spoof_checks/idn_spoof_checker.cc | 5
1 files changed, 5 insertions, 0 deletions
diff --git a/chromium/components/url_formatter/spoof_checks/idn_spoof_checker.cc b/chromium/components/url_formatter/spoof_checks/idn_spoof_checker.cc
index 9b37fd34b81..d0c22538cd4 100644
--- a/chromium/components/url_formatter/spoof_checks/idn_spoof_checker.cc
+++ b/chromium/components/url_formatter/spoof_checks/idn_spoof_checker.cc
@@ -287,6 +287,11 @@ bool IDNSpoofChecker::SafeToDisplayAsUnicode(
if (label_string.length() > 1 && top_level_domain != ".is" &&
icelandic_characters_.containsSome(label_string))
+ // Disallow Latin Schwa (U+0259) for domains outside Azerbaijan's ccTLD (.az).
+ if (label_string.length() > 1 && top_level_domain != "az" &&
+ label_string.indexOf("ə") != -1)
+ return false;
+
// If there's no script mixing, the input is regarded as safe without any
// extra check unless it falls into one of three categories:
// - contains Kana letter exceptions
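Review bot: The added condition compares top_level_domain against "az" with no leading dot, while the Icelandic check directly above it compares against ".is" with one. Only one of those forms can match the value this function actually receives, so either the .az exemption never applies and schwa labels under .az are also treated as unsafe to display as Unicode, or the existing .is exemption is the one that is off. Please confirm which form top_level_domain carries in this backported tree and make the two comparisons agree. Separately, the raw "ə" literal passed to indexOf depends on the source file's encoding and on how the narrow string is converted, so a code point escape for U+0259 would be more robust. The change touches only idn_spoof_checker.cc, so test cases covering a schwa label under .az and under another TLD would be worth adding alongside it.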