Closed
Bug 310361
Opened 19 years ago
Closed 19 years ago
Some Unicode characters can generate bogus ASCII in domain names
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 316444
People
(Reporter: usenet, Assigned: darin.moz)
References
(Blocks 1 open bug)
Details
(Whiteboard: [sg:dupe 316444])
Normalization of some FQDN labels can give rise to all-ASCII strings which contain characters which are illegal in RFC 1035 domain names, for example, slash characters. See bug 309128 for test cases, and in particular the test case in bug 308800. This appears to be due to some _non-ASCII_ Unicode characters being mapped by NAMEPREP _into ASCII characters_, including punctuation characters, thus resulting in all-ASCII strings containing bogus DNS characters, even when no such characters appear in the input. The Punycode logic then passes them right through to the DNS logic. Presumably the the bug arises from the illegal character check currently being carried out before NAMEPREP normalization of the FQDN labels: it should clearly be carried out _after_ NAMEPREP normalization. Or perhaps the code is even cruder, and just blindly trusts the URL parser to catch all illegal characters at parse time -- which would be a bad idea, since such a parser is inevitably complex, and likely to be a place where obscure bugs may remain hidden for long periods.
|
Reporter | |
Comment 1•19 years ago
|
||
This has been filed as a more fine-grained bug to deal with one specific issue from bug 309128, namely the smuggling of bogus ASCII characters through the DNS name/hostname code.
|
||
Updated•19 years ago
|
Summary: Some Unicode characters can generate bogius ASCII in domain names → Some Unicode characters can generate bogus ASCII in domain names
|
||
Updated•19 years ago
|
Component: Security → Networking
Product: Firefox → Core
Version: unspecified → Trunk
|
|
||
Updated•19 years ago
|
Assignee: nobody → darin
QA Contact: firefox → benc
|
||
Updated•19 years ago
|
Flags: blocking1.9a1?
Flags: blocking1.8b5?
Flags: blocking1.8.1?
Whiteboard: [sg:spoof]
|
||
Comment 2•19 years ago
|
||
This bug is about fixing the NAMEPREP/character-checking logic, not about fixing the DNS lookup code (which is bug 304904 and friends), right? Given that we have the check in the DNS lookup code, is there still a security issue here? Gerv
|
||
Comment 3•19 years ago
|
||
dveditz, can you comment here? thanks.
|
|
||
Comment 4•19 years ago
|
||
we're wrapping up this release tonight and this isn't moving so it's probably not going to make it.
Flags: blocking1.8b5? → blocking1.8b5-
|
|
||
Updated•19 years ago
|
Whiteboard: [sg:spoof] → [sg:low IDN-spoof]
|
|
||
Comment 5•19 years ago
|
||
(In reply to comment #2) > bug 304904 and friends) Given that we have > the check in the DNS lookup code, is there still a security issue here? Yes, because the actual 304904 checkin was too limited.
|
|
Reporter | |
Comment 6•19 years ago
|
||
*** This bug has been marked as a duplicate of 316444 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•18 years ago
|
Whiteboard: [sg:low IDN-spoof] → [sg:dupe 316444]
Flags: blocking1.9a1?
|
|
||
Updated•18 years ago
|
Group: security
You need to log in
before you can comment on or make changes to this bug.
Description
•