summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAllan Sandfeld Jensen <allan.jensen@qt.io>2017-05-17 11:32:56 +0200
committerAlexandru Croitor <alexandru.croitor@qt.io>2017-07-11 13:20:10 +0000
commit2d14bca522d164901e316b8a39c5e4f999cf2ea3 (patch)
tree8faa24113de7615478391ea5cafd24414c84f265
parent5636374d4cb7b81ec65d98ce9b7be26deee5ad54 (diff)
[Backport] Fix for CVE-2017-5076
Disallow mixing of Canadian Syllabary and [a-z] BUG=719199 TEST=components_unittests --gtest_filter=*IDNToUn* Change-Id: Ie76c330ea1a7ea741a7b49f74733f13aa1508ae2 Review-Url: https://codereview.chromium.org/2871643005 Cr-Commit-Position: refs/heads/master@{#471538} Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat
-rw-r--r--chromium/components/url_formatter/url_formatter.cc4
1 files changed, 4 insertions, 0 deletions
diff --git a/chromium/components/url_formatter/url_formatter.cc b/chromium/components/url_formatter/url_formatter.cc
index 60c88c5eb88..1bfedf55289 100644
--- a/chromium/components/url_formatter/url_formatter.cc
+++ b/chromium/components/url_formatter/url_formatter.cc
@@ -421,6 +421,8 @@ bool IsIDNComponentSafe(const base::char16* str,
icu::UnicodeString(
// Lone katakana no, so, or n
L"[^\\p{Katakana}][\u30ce\u30f3\u30bd][^\\p{Katakana}]"
+ // - Disalow mixing of Latin and Canadian Syllabary.
+ L"|[\\p{sc=cans}].*[a-z]|[a-z].*[\\p{sc=cans}]"
// Repeating Japanese accent characters
L"|[\u3099\u309a\u309b\u309c][\u3099\u309a\u309b\u309c]"),
0, status);
@@ -447,6 +449,8 @@ bool IsIDNComponentSafe(const base::char16* str,
icu::UnicodeString(
// Lone katakana no, so, or n
"[^\\p{Katakana}][\\u30ce\\u30f3\\u30bd][^\\p{Katakana}]"
+ // - Disalow mixing of Latin and Canadian Syllabary.
+ "|[\\p{sc=cans}].*[a-z]|[a-z].*[\\p{sc=cans}]"
// Repeating Japanese accent characters
"|[\\u3099\\u309a\\u309b\\u309c][\\u3099\\u309a\\u309b\\u309c]"),
0, status);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-27 10:59:22 +0000