ChatSecure-iOS icon indicating copy to clipboard operation
ChatSecure-iOS copied to clipboard
verified publisher icon ChatSecure

Chatsecure fails to download aesgcm when there is an IDN character in the domain name.

Open FennyFatal opened this issue 5 years ago • 2 comments

Example aesgcm url that breaks FileTransfer:

aesgcm://ᐁ.cc:5281/upload/BaaYRWXwqI0H2a4_/GNCwmaeNT-O77Q3v1HVdvA.jpg#cf11ea282f8d2a67a1195cb6fd224c1830a56191bd5c412f3390c7755317bf13f85e26790c7ec2bb62d9e46a9e914bdd

FennyFatal avatar Feb 29 '20 18:02 FennyFatal

I don't actually have an iOS device to test with, but my first suspicions are:

Perhaps the regular expression generated here does not handle IDN characters properly.

https://github.com/ChatSecure/ChatSecure-iOS/blob/0f516da16348e7ec3934d09fbb893540e0250716/ChatSecureCore/Classes/Controllers/FileTransferManager.swift#L934

  • Maybe the regular expression can be expanded to be more inclusive

Perhaps the native iOS layer does not handle the IDN character properly here:

https://github.com/ChatSecure/ChatSecure-iOS/blob/0f516da16348e7ec3934d09fbb893540e0250716/ChatSecureCore/Classes/Controllers/FileTransferManager.swift#L598

  • Perhaps applying punycode to the domain component before attempting to download the file can help.

FennyFatal avatar Apr 08 '20 15:04 FennyFatal

I have looked into the specification for the RFC, and I can confirm that the url is meant to be sent over the wire as unicode, and not punycoded, so this ought not to be a server-side change.

FennyFatal avatar Apr 08 '20 15:04 FennyFatal