author | Michal Klocek <michal.klocek@qt.io> | 2018-05-16 02:11:14 +0000 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2018-08-10 14:44:25 +0000 |
commit | 61bd0c0fbf58f16051a67823c36a1a8c1a9a4ce9 (patch) | |
tree | a6d6d25db856045b147963d0fc366aa03c85f9e6 | |
parent | 6fcc9551724b109f02a279c93c3d73b8b6736467 (diff) |
[Backport] CVE-2018-6175
Add a few more confusability mapping entries
U+0153(œ) => ce
U+00E6(æ), U+04D5 (ӕ) => ae
U+0499(ҙ) => 3
U+0525(ԥ) => n
Bug: 835554, 826019, 836885
Reviewed-on: https://chromium-review.googlesource.com/1055894
Change-Id: I0cc9868979db96dfe6272c20628e839d13946fe7
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
4 files changed, 29 insertions, 11 deletions
diff --git a/chromium/components/url_formatter/idn_spoof_checker.cc b/chromium/components/url_formatter/idn_spoof_checker.cc
index a94e6dc4a1a..7d24abec604 100644
--- a/chromium/components/url_formatter/idn_spoof_checker.cc
+++ b/chromium/components/url_formatter/idn_spoof_checker.cc
@@ -149,12 +149,16 @@ IDNSpoofChecker::IDNSpoofChecker() {
 UTRANS_FORWARD, parse_error, status));
 
 // Supplement the Unicode confusable list by the following mapping.
+ // - {U+00E6 (æ), U+04D5 (ӕ)} => "ae"
 // - {U+00FE (þ), U+03FC (ϼ), U+048F (ҏ)} => p
 // - {U+0127 (ħ), U+043D (н), U+045B (ћ), U+04A3 (ң), U+04A5 (ҥ),
 // U+04C8 (ӈ), U+04CA (ӊ), U+050B (ԋ), U+0527 (ԧ), U+0529 (ԩ)} => h
 // - {U+0138 (ĸ), U+03BA (κ), U+043A (к), U+049B (қ), U+049D (ҝ),
 // U+049F (ҟ), U+04A1(ҡ), U+04C4 (ӄ), U+051F (ԟ)} => k
- // - {U+014B (ŋ), U+043F (п)} => n
+ // - {U+014B (ŋ), U+043F (п), U+0525 (ԥ)} => n
+ // - U+0153 (œ) => "ce"
+ // TODO: see https://crbug.com/843352 for further work on
+ // U+0525 and U+0153.
 // - {U+0167 (ŧ), U+0442 (т), U+04AD (ҭ), U+050F (ԏ)} => t
 // - {U+0185 (ƅ), U+044C (ь), U+048D (ҍ), U+0432 (в)} => b
 // - {U+03C9 (ω), U+0448 (ш), U+0449 (щ), U+0E1F (ฟ)} => w
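Review bot: The TODO introduced on the added comment lines carries no owner or bug tag, so it does not follow the `TODO(user)` / `TODO(crbug.com/N)` form that Chromium tooling tracks, even though the bug link is already in the text; fold it into the tag: `// TODO(crbug.com/843352): revisit the U+0525 (ԥ) and U+0153 (œ) mappings.` The remaining added lines only document the rule changes made in the following hunk and are consistent with them. IDNSpoofChecker's constructor continues outside this hunk.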
@@ -169,16 +173,17 @@ IDNSpoofChecker::IDNSpoofChecker() {
 // - {U+050D (ԍ), U+100c (ဌ)} => g
 // - {U+0D1F (ട), U+0E23 (ร)} => s
 // - U+1042 (၂) => j
- // - {U+0437 (з), U+04E1 (ӡ)} => 3
+ // - {U+0437 (з), U+0499 (ҙ), U+04E1 (ӡ)} => 3
 extra_confusable_mapper_.reset(icu::Transliterator::createFromRules(
 UNICODE_STRING_SIMPLE("ExtraConf"),
- icu::UnicodeString::fromUTF8("[þϼҏ] > p; [ħнћңҥӈӊԋԧԩ] > h;"
- "[ĸκкқҝҟҡӄԟ] > k; [ŋп] > n; [ŧтҭԏ] > t;"
- "[ƅьҍв] > b; [ωшщฟ] > w; [мӎ] > m;"
- "[єҽҿၔ] > e; ґ > r; [ғӻ] > f; [ҫင] > c;"
- "ұ > y; [χҳӽӿ] > x;"
- "ԃ > d; [ԍဌ] > g; [ടร] > s; ၂ > j;"
- "[зӡ] > 3"),
+ icu::UnicodeString::fromUTF8(
+ "[æӕ] > ae; [þϼҏ] > p; [ħнћңҥӈӊԋԧԩ] > h;"
+ "[ĸκкқҝҟҡӄԟ] > k; [ŋпԥ] > n; œ > ce;"
+ "[ŧтҭԏ] > t; [ƅьҍв] > b; [ωшщฟ] > w;"
+ "[мӎ] > m; [єҽҿၔ] > e; ґ > r; [ғӻ] > f;"
+ "[ҫင] > c; ұ > y; [χҳӽӿ] > x;"
+ "ԃ > d; [ԍဌ] > g; [ടร] > s; ၂ > j;"
+ "[зҙӡ] > 3"),
 UTRANS_FORWARD, parse_error, status));
 DCHECK(U_SUCCESS(status))
 << "Spoofchecker initalization failed due to an error: "
@@ -270,8 +275,6 @@ bool IDNSpoofChecker::SafeToDisplayAsUnicode(base::StringPiece16 label,
 // - Disallow three Hiragana letters (U+307[8-A]) or Katakana letters
 // (U+30D[8-A]) that look exactly like each other when they're used in a
 // label otherwise entirely in Katakna or Hiragana.
- // - Disallow U+0585 (Armenian Small Letter Oh) and U+0581 (Armenian Small
- // Letter Co) to be next to Latin.
 // - Disallow combining diacritical mark (U+0300-U+0339) after a non-LGC
 // character. Other combining diacritical marks are not in the allowed
 // character set.
diff --git a/chromium/components/url_formatter/top_domains/test_domains.list b/chromium/components/url_formatter/top_domains/test_domains.list
index 0f0be0e2e23..7f5df3d8e59 100644
--- a/chromium/components/url_formatter/top_domains/test_domains.list
+++ b/chromium/components/url_formatter/top_domains/test_domains.list
@@ -18,3 +18,5 @@ ld.com
 cegjo.com
 wsws.com
 1234567890.com
+aece.com
+aen.com
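Review bot: The rewritten "ExtraConf" rule string on the added lines is the first in this mapper to expand one code point into two ASCII characters (`[æӕ] > ae`, `œ > ce`), and the only check that ICU accepted the new rules is the `DCHECK(U_SUCCESS(status))` on the context line below, which compiles out in release builds; a rule ICU rejects would therefore not be reported there and the confusable pass would run without these mappings. A release-mode guard next to the DCHECK, e.g. `if (U_FAILURE(status)) LOG(ERROR) << "ExtraConf rules rejected: " << u_errorName(status);`, keeps a bad rule string from failing silently; what a null or partial mapper does downstream is decided outside this hunk, so treat this as defence in depth — the new cases in url_formatter_unittest.cc do exercise each added mapping. A short comment above the string noting that multi-character targets are intentional (œ/æ are read as "ce"/"ae") would also help the next person extending the list, since the comment block in the previous hunk is the only place that says so. The constructor continues outside the hunk.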
diff --git a/chromium/components/url_formatter/top_domains/test_skeletons.gperf b/chromium/components/url_formatter/top_domains/test_skeletons.gperf
index 0646188e9fe..9d508ad29b9 100644
--- a/chromium/components/url_formatter/top_domains/test_skeletons.gperf
+++ b/chromium/components/url_formatter/top_domains/test_skeletons.gperf
@@ -28,4 +28,6 @@ lgd.corn, 1
 cegjo.corn, 1
 wsws.corn, 1
 l23456789O.corn, 1
+aece.corn, 1
+aen.corn, 1
 %%
diff --git a/chromium/components/url_formatter/url_formatter_unittest.cc b/chromium/components/url_formatter/url_formatter_unittest.cc
index d182e5a4259..eaa585bbe2e 100644
--- a/chromium/components/url_formatter/url_formatter_unittest.cc
+++ b/chromium/components/url_formatter/url_formatter_unittest.cc
@@ -527,6 +527,8 @@ const IDNTestCase idn_cases[] = {
 {"xn--13457890-e7g0943b.com", L"1\x14bf" L"345\x0431" L"7890.com", false},
 // 12з4567890.com
 {"xn--124567890-10h.com", L"12\x0437" L"4567890.com", false},
+ // 12ҙ4567890.com
+ {"xn--124567890-1ti.com", L"12\x0499" L"4567890.com", false},
 // 12ӡ4567890.com
 {"xn--124567890-mfj.com", L"12\x04e1" L"4567890.com", false},
 // 123Ꮞ567890.com
@@ -540,6 +542,15 @@ const IDNTestCase idn_cases[] = {
 // 123456789ꓳ.com
 {"xn--123456789-tx75a.com", L"123456789\xa4f3.com", false},
 
+ // aeœ.com
+ {"xn--ae-fsa.com", L"ae\x0153.com", false},
+ // æce.com
+ {"xn--ce-0ia.com", L"\x00e6" L"ce.com", false},
+ // æœ.com
+ {"xn--6ca2t.com", L"\x00e6\x0153.com", false},
+ // ӕԥ.com
+ {"xn--y5a4n.com", L"\x04d5\x0525.com", false},
+
 // ငၔဌ၂ဝ.com (entirely made of Myanmar characters)
 {"xn--ridq5c9hnd.com", L"\x1004\x1054\x100c" L"\x1042\x101d.com", false},
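Review bot: The case added on the new lines of the `@@ -527` hunk, like the four cases in the following hunk, only pins the blocking outcome (`false`); nothing shows a label that contains ҙ (or æ, œ, ԥ) but whose skeleton matches no test top domain, so an over-broad mapping that started blocking legitimate labels would pass this table unnoticed. Assuming the third field is the expected "display as Unicode" result, one companion case per new code point with the intended positive outcome, e.g. `// ҙҙҙ.com` followed by `{"xn--<PLACEHOLDER punycode>.com", L"\x0499\x0499\x0499.com", <expected>},`, would pin both directions. The wide-string splitting on the added line (`L"12\x0499" L"4567890.com"`) correctly stops the hex escape before the following digit, matching the neighbouring entries. The idn_cases array continues outside the hunk.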