author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-02-13 10:44:48 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-02-13 12:02:12 +0000 |
commit | 8b78be4530aefc030393978589f6cca1221d58ff (patch) | |
tree | 2aaaaf046bec7ce6c13211aad04f61e458e4e864 | |
parent | 5c76f0592d0e949ea81abe4af0c1d2996175862f (diff) | |
download | qtwebengine-chromium-8b78be4530aefc030393978589f6cca1221d58ff.tar.gz |
[Backport] Fix for CVE-2019-5775 and CVE-2019-5777
Mapping several Indic characters to confusables.
A number of characters from several Indian scripts are confusable,
especially with numbers. This change maps these characters to their
ASCII lookalike to allow fallback to punycode when displaying probable
spoofing URLs.
Bug: 849421
Bug: 892646
Bug: 896722
Change-Id: I6d463642f3541454dc39bf4b32b8291417697c52
Reviewed-on: https://chromium-review.googlesource.com/c/1295179
Reviewed-by: Tommy Li <tommycli@chromium.org>
Commit-Queue: Joe DeBlasio <jdeblasio@chromium.org>
Cr-Commit-Position: refs/heads/master@{#602032}
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
4 files changed, 64 insertions, 2 deletions
diff --git a/chromium/components/url_formatter/idn_spoof_checker.cc b/chromium/components/url_formatter/idn_spoof_checker.cc
index c0449e0ae99..2931767e4b1 100644
--- a/chromium/components/url_formatter/idn_spoof_checker.cc
+++ b/chromium/components/url_formatter/idn_spoof_checker.cc
@@ -231,9 +231,18 @@ IDNSpoofChecker::IDNSpoofChecker() {
 // - {U+050D (ԍ), U+100c (ဌ)} => g
 // - {U+0D1F (ട), U+0E23 (ร), U+0EA3 (ຣ), U+0EAE (ຮ)} => s
 // - U+1042 (၂) => j
+ // - {U+0966 (०), U+09E6 (০), U+0A66 (੦), U+0AE6 (૦), U+0B30 (ଠ),
+ // U+0B66 (୦), U+0CE6 (೦)} => o,
+ // - {U+09ED (৭), U+0A67 (੧), U+0AE7 (૧)} => q,
+ // - {U+0E1A (บ), U+0E9A (ບ)} => u
+ // - {U+0968 (२), U+09E8 (২), U+0A68 (੨), U+0A68 (੨), U+0AE8 (૨),
+ // U+0ce9 (೩), U+0ced (೭)} => 2,
 // - {U+0437 (з), U+0499 (ҙ), U+04E1 (ӡ), U+0909 (उ), U+0993 (ও),
+ // U+0A69 (੩), U+0AE9 (૩), U+0C69 (౩),
 // U+1012 (ဒ), U+10D5 (ვ), U+10DE (პ)} => 3
- // - {U+0E1A (บ), U+0E9A (ບ)} => u
+ // - {U+0A6B (੫)} => 4,
+ // - {U+09EA (৪), U+0A6A (੪), U+0b6b (୫)} => 8,
+ // - {U+0AED (૭), U+0b68 (୨), U+0C68 (౨)} => 9,
 extra_confusable_mapper_.reset(icu::Transliterator::createFromRules(
 UNICODE_STRING_SIMPLE("ExtraConf"),
 icu::UnicodeString::fromUTF8(
@@ -243,7 +252,15 @@ IDNSpoofChecker::IDNSpoofChecker() {
 "[мӎ] > m; [єҽҿၔ] > e; ґ > r; [ғӻ] > f;"
 "[ҫင] > c; ұ > y; [χҳӽӿ] > x;"
 "ԃ > d; [ԍဌ] > g; [ടรຣຮ] > s; ၂ > j;"
- "[зҙӡउওဒვპ] > 3; [บບ] > u"),
+ "[०০੦૦ଠ୦೦] > o;"
+ "[৭੧૧] > q;"
+ "[บບ] > u;"
+ "[२২੨੨૨೩೭] > 2;"
+ "[зҙӡउও੩૩౩ဒვპ] > 3;"
+ "[੫] > 4;"
+ "[৪੪୫] > 8;"
+ "[૭୨౨] > 9;"
+ ),
 UTRANS_FORWARD, parse_error, status));
 DCHECK(U_SUCCESS(status))
 << "Spoofchecker initalization failed due to an error: "
diff --git a/chromium/components/url_formatter/top_domains/test_domains.list b/chromium/components/url_formatter/top_domains/test_domains.list
index 466caf995c3..466dadebff5 100644
--- a/chromium/components/url_formatter/top_domains/test_domains.list
+++ b/chromium/components/url_formatter/top_domains/test_domains.list
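Review bot: The `=> o` comment line names `U+0B30 (ଠ)`, but the glyph printed there and the unit-test row this commit adds for `123456789ଠ.com` both use U+0B20 (`\x0b20`); U+0B30 is a different Oriya letter, so the comment should read `U+0B20 (ଠ)`. The `=> 2` line lists `U+0A68 (੨)` twice, and the same repeat appears in the `[२২੨੨૨೩೭]` set in the next hunk; a duplicate in the set is harmless to matching, but it may stand in for a code point that was meant to be listed, so drop it or replace it with the intended one. Because these glyphs are near-identical on screen, the comment is the only place a reviewer can check the set against code points, which is why the two need to agree. The constructor body starts and ends outside this hunk.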
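Review bot: A syntax slip in this hand-edited rule string is reported only through `DCHECK(U_SUCCESS(status))` in the trailing context, and DCHECK is normally compiled out of release builds; what the constructor does with a failed `createFromRules` in that case is not visible in this hunk. Consider a comment above the check, `// Rule-syntax errors surface only in DCHECK builds; keep a unit-test row for every mapped code point.`, so later additions to the table keep the test coverage that guards it. The statement continues past the end of the hunk.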
@@ -23,3 +23,10 @@ wsou.com
 aece.com
 aen.com
 n11.com
+o2.com
+28.com
+39.com
+89.com
+43.com
+oo.com
+qq.com
diff --git a/chromium/components/url_formatter/top_domains/test_domains.skeletons b/chromium/components/url_formatter/top_domains/test_domains.skeletons
index 218bdc65a74..ecf5b68a795 100644
--- a/chromium/components/url_formatter/top_domains/test_domains.skeletons
+++ b/chromium/components/url_formatter/top_domains/test_domains.skeletons
@@ -34,3 +34,10 @@ l23456789O.corn, 1234567890.com
 aece.corn, aece.com
 aen.corn, aen.com
 nll.corn, n11.com
+o2.corn, o2.com
+28.corn, 28.com
+39.corn, 39.com
+89.corn, 89.com
+43.corn, 43.com
+oo.corn, oo.com
+qq.corn, qq.com
diff --git a/chromium/components/url_formatter/url_formatter_unittest.cc b/chromium/components/url_formatter/url_formatter_unittest.cc
index 6e37bf810af..012d0f02cb1 100644
--- a/chromium/components/url_formatter/url_formatter_unittest.cc
+++ b/chromium/components/url_formatter/url_formatter_unittest.cc
@@ -420,6 +420,35 @@ const IDNTestCase idn_cases[] = { L"123.com", false}, + // 'o2.com', '28.com', '39.com', '43.com', '89.com', 'oo.com' and 'qq.com' + // are all explicitly added to the test domain list to aid testing of + // Latin-lookalikes that are numerics in other character sets and similar + // edge cases. + // + // Bengali: + {"xn--07be.com", L"\x09e6\x09e8.com", false}, + {"xn--27be.com", L"\x09e8\x09ea.com", false}, + {"xn--77ba.com", L"\x09ed\x09ed.com", false}, + // Gurmukhi: + {"xn--qcce.com", L"\x0a68\x0a6a.com", false}, + {"xn--occe.com", L"\x0a66\x0a68.com", false}, + {"xn--rccd.com", L"\x0a6b\x0a69.com", false}, + {"xn--pcca.com", L"\x0a67\x0a67.com", false}, + // Telugu: + {"xn--drcb.com", L"\x0c69\x0c68.com", false}, + // Devanagari: + {"xn--d4be.com", L"\x0966\x0968.com", false}, + // Kannada: + {"xn--yucg.com", L"\x0ce6\x0ce9.com", false}, + {"xn--yuco.com", L"\x0ce6\x0ced.com", false}, + // Oriya: + {"xn--1jcf.com", L"\x0b6b\x0b68.com", false}, + {"xn--zjca.com", L"\x0b66\x0b66.com", false}, + // Gujarati: + {"xn--cgce.com", L"\x0ae6\x0ae8.com", false}, + {"xn--fgci.com", L"\x0ae9\x0aed.com", false}, + {"xn--dgca.com", L"\x0ae7\x0ae7.com", false}, + // wmhtb.com {"xn--l1acpvx.com", L"\x0448\x043c\x043d\x0442\x044c.com", false}, // щмнть.com @@ -599,6 +628,8 @@ const IDNTestCase idn_cases[] = { L"12345678\x0b68" L"0.com", false}, + // 123456789ଠ.com + {"xn--http://123456789-v01b.com", L"http://123456789\x0b20.com", false}, // 123456789ꓳ.com {"xn--123456789-tx75a.com", L"123456789\xa4f3.com", false}, |
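Review bot: The new rows in the first hunk give only the punycode form and escaped code points, unlike the neighbouring rows that carry a comment with the rendered name (`// wmhtb.com`), so a reader cannot tell which test-domain entry each case is meant to collide with. Add the lookalike target per row, for example `// ০২.com -> o2.com` above the first Bengali row and `// ੫੩.com -> 43.com` above the `\x0a6b\x0a69` row. That also makes it visible that every code point added to the mapper has a row, which is the property that keeps the rule table honest. The `idn_cases` array starts and ends outside the hunk.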
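Review bot: As shown on this page, the row added in the second hunk reads `{"xn--http://123456789-v01b.com", L"http://123456789\x0b20.com", false}`, and a host label containing `http://` is not a valid A-label. This is most likely a rendering artefact of the page rather than the committed text, with the intended pair presumably `xn--123456789-v01b.com` and `123456789\x0b20.com`; confirm against the repository before reusing the vector. If the literal really is as displayed, the case would not exercise the U+0B20 mapping at all.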