diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-10-24 15:53:20 +0200 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2018-11-01 16:08:56 +0000 |
commit | 976446bcc0e0f76550ee92f402af7475dad410ac (patch) | |
tree | 39c1b760342b329c4a06d91665abfeef79c33d2f | |
parent | 2dcf2c6d0cedaa8b889f7021e181806a4832eeec (diff) |
[Backport] Fix for CVE-2018-17473
[M70] Add additional Lao character to IDN confusables
U+0E01 (ก) => n
Prior Lao/Thai entries were added in crrev.com/c/1058710.
Test: components_unittests --gtest_filter=*IDN*
Bug: 882078
Reviewed-on: https://chromium-review.googlesource.com/1220773
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Christopher Thompson <cthomp@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#591227}(cherry picked from commit 3983030c2ee3e54afa60fe24f23e4c98067a3634)
Reviewed-on: https://chromium-review.googlesource.com/1232679
Reviewed-by: Christopher Thompson <cthomp@chromium.org>
Cr-Commit-Position: refs/branch-heads/3538@{#514}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
Change-Id: I7e662fece358932d09f70ec242830016026dd1e1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
3 files changed, 10 insertions, 2 deletions
diff --git a/chromium/components/url_formatter/idn_spoof_checker.cc b/chromium/components/url_formatter/idn_spoof_checker.cc index 09e9475086f..922627bc6e7 100644 --- a/chromium/components/url_formatter/idn_spoof_checker.cc +++ b/chromium/components/url_formatter/idn_spoof_checker.cc @@ -155,7 +155,7 @@ IDNSpoofChecker::IDNSpoofChecker() { // U+04C8 (ӈ), U+04CA (ӊ), U+050B (ԋ), U+0527 (ԧ), U+0529 (ԩ)} => h // - {U+0138 (ĸ), U+03BA (κ), U+043A (к), U+049B (қ), U+049D (ҝ), // U+049F (ҟ), U+04A1(ҡ), U+04C4 (ӄ), U+051F (ԟ)} => k - // - {U+014B (ŋ), U+043F (п), U+0525 (ԥ)} => n + // - {U+014B (ŋ), U+043F (п), U+0525 (ԥ), U+0E01 (ก)} => n // - U+0153 (œ) => "ce" // TODO: see https://crbug.com/843352 for further work on // U+0525 and U+0153. @@ -180,7 +180,7 @@ IDNSpoofChecker::IDNSpoofChecker() { UNICODE_STRING_SIMPLE("ExtraConf"), icu::UnicodeString::fromUTF8( "[æӕ] > ae; [þϼҏ] > p; [ħнћңҥӈӊԋԧԩ] > h;" - "[ĸκкқҝҟҡӄԟ] > k; [ŋпԥ] > n; œ > ce;" + "[ĸκкқҝҟҡӄԟ] > k; [ŋпԥก] > n; œ > ce;" "[ŧтҭԏ] > t; [ƅьҍв] > b; [ωшщพฟພຟ] > w;" "[мӎ] > m; [єҽҿၔ] > e; ґ > r; [ғӻ] > f;" "[ҫင] > c; ұ > y; [χҳӽӿ] > x;" diff --git a/chromium/components/url_formatter/top_domains/test_domains.list b/chromium/components/url_formatter/top_domains/test_domains.list index 0a654469a28..466caf995c3 100644 --- a/chromium/components/url_formatter/top_domains/test_domains.list +++ b/chromium/components/url_formatter/top_domains/test_domains.list @@ -22,3 +22,4 @@ wsou.com 1234567890.com aece.com aen.com +n11.com diff --git a/chromium/components/url_formatter/url_formatter_unittest.cc b/chromium/components/url_formatter/url_formatter_unittest.cc index 1a65f9c59a6..5d028e9263d 100644 --- a/chromium/components/url_formatter/url_formatter_unittest.cc +++ b/chromium/components/url_formatter/url_formatter_unittest.cc @@ -620,6 +620,13 @@ const IDNTestCase idn_cases[] = { // ຟຮ໐ບ.com {"xn--f7cj9b5h.com", L"\x0e9f\x0eae" L"\x0ed0\x0e9a.com", false}, + // Lao character that looks like n. + // ก11.com + {"xn--11-lqi.com", + L"\x0e01" + L"11.com", + false}, + // At one point the skeleton of 'w' was 'vv', ensure that // that it's treated as 'w'. {"xn--wder-qqa.com", |