
List:       kde-commits
Subject:    kdelibs/kdecore/network
From:       Thiago Macieira <thiago () kde ! org>
Date:       2005-04-05 2:05:48
Message-ID: 20050405020548.5F489492 () office ! kde ! org

CVS commit by thiago: 

Instead of returning the original domain lowercased, rejoin the
multiple parts with periods. In most cases, this won't make a
difference, but IDN spec allows other separators in domain names other
than the dot.

I do not believe this to be a security risk, nor a source of
phishing/scams. Unlike the homograph attack (which prompted this
return to be added in the first place), you cannot create a
near-looking domain with this feature: the domain IS the same.
i.e., www.google.com === www.google。com

CCMAIL:security@kde.org


  M +1 -1      kresolver.cpp   1.46


--- kdelibs/kdecore/network/kresolver.cpp  #1.45:1.46
@@ -895,5 +895,5 @@ QCString KResolver::domainToAscii(const 
   // Do we allow IDN names for this TLD?
   if (input.count() && !idnDomains->contains(input[input.count()-1].lower()))
-    return unicodeDomain.lower().latin1(); // No IDN allowed for this TLD
+    return input.join(".").lower().latin1(); // No IDN allowed for this TLD
 
   // 3) decide whether to enforce the STD3 rules for chars < 0x7F
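
Review bot: The replacement return on the `+` line only normalizes the separators if `input` was split on every label separator IDNA recognizes, and nothing in this hunk documents that. The trailing comment still reads only "No IDN allowed for this TLD". Please extend it to say why the labels are rejoined with "." instead of returning `unicodeDomain`, so a later cleanup does not revert to the old form. On the same line, the labels still pass through `.lower().latin1()` with no ASCII check visible in this hunk. If a label under a non-IDN TLD can contain characters outside Latin-1, consider returning an empty result there or noting where that case is handled. A regression test feeding `www.google。com` and expecting `www.google.com` would pin down the behaviour the commit message describes.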

