diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-05-17 11:32:56 +0200 |
---|---|---|
committer | Alexandru Croitor <alexandru.croitor@qt.io> | 2017-07-11 13:20:10 +0000 |
commit | 2d14bca522d164901e316b8a39c5e4f999cf2ea3 (patch) | |
tree | 8faa24113de7615478391ea5cafd24414c84f265 | |
parent | 5636374d4cb7b81ec65d98ce9b7be26deee5ad54 (diff) |
[Backport] Fix for CVE-2017-5076
Disallow mixing of Canadian Syllabary and [a-z]
BUG=719199
TEST=components_unittests --gtest_filter=*IDNToUn*
Change-Id: Ie76c330ea1a7ea741a7b49f74733f13aa1508ae2
Review-Url: https://codereview.chromium.org/2871643005
Cr-Commit-Position: refs/heads/master@{#471538}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/components/url_formatter/url_formatter.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/chromium/components/url_formatter/url_formatter.cc b/chromium/components/url_formatter/url_formatter.cc index 60c88c5eb88..1bfedf55289 100644 --- a/chromium/components/url_formatter/url_formatter.cc +++ b/chromium/components/url_formatter/url_formatter.cc @@ -421,6 +421,8 @@ bool IsIDNComponentSafe(const base::char16* str, icu::UnicodeString( // Lone katakana no, so, or n L"[^\\p{Katakana}][\u30ce\u30f3\u30bd][^\\p{Katakana}]" + // - Disalow mixing of Latin and Canadian Syllabary. + L"|[\\p{sc=cans}].*[a-z]|[a-z].*[\\p{sc=cans}]" // Repeating Japanese accent characters L"|[\u3099\u309a\u309b\u309c][\u3099\u309a\u309b\u309c]"), 0, status); @@ -447,6 +449,8 @@ bool IsIDNComponentSafe(const base::char16* str, icu::UnicodeString( // Lone katakana no, so, or n "[^\\p{Katakana}][\\u30ce\\u30f3\\u30bd][^\\p{Katakana}]" + // - Disalow mixing of Latin and Canadian Syllabary. + "|[\\p{sc=cans}].*[a-z]|[a-z].*[\\p{sc=cans}]" // Repeating Japanese accent characters "|[\\u3099\\u309a\\u309b\\u309c][\\u3099\\u309a\\u309b\\u309c]"), 0, status); |