]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aced4c7)
net/url: disallow raw IPv6 addresses in host
authorSean Liao <sean@liao.dev>
Thu, 9 Oct 2025 00:56:09 +0000 (01:56 +0100)
committerDamien Neil <dneil@google.com>
Fri, 10 Oct 2025 21:47:41 +0000 (14:47 -0700)
RFC 3986 requires square brackets around IPv6 addresses.
Parse's acceptance of raw IPv6 addresses is non compliant,
and complicates splitting out a port.

Fixes #31024
Fixes #75223

Change-Id: I477dc420a7441cb33156627dbd5e46d88c677f1e
Reviewed-on: https://go-review.googlesource.com/c/go/+/710176
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
src/net/url/url.go patch | blob | history
src/net/url/url_test.go patch | blob | history

diff --git a/src/net/url/url.go b/src/net/url/url.go
index 6afa30f162bd2589d98992bdcca9f1fecc369a7f..a69754880149a965fee9c812100afdb964c51b61 100644 (file)
--- a/src/net/url/url.go
+++ b/src/net/url/url.go
@@ -698,7 +698,9 @@ func parseHost(host string) (string, error) {
                        return "", errors.New("invalid IP-literal")
                }
                return "[" + unescapedHostname + "]" + unescapedColonPort, nil
-       } else if i := strings.LastIndex(host, ":"); i != -1 {
+       } else if i := strings.Index(host, ":"); i != -1 {
+               // IPv4address / reg-name
+               // E.g. 1.2.3.4, 1.2.3.4:80, example.com, example.com:80
                colonPort := host[i:]
                if !validOptionalPort(colonPort) {
                        return "", fmt.Errorf("invalid port %q after host", colonPort)
diff --git a/src/net/url/url_test.go b/src/net/url/url_test.go
index 6084facacc0519b0caebd232b67d0f8edbf43898..a7543d6fd40b1e3d521e0aa764b27116eebcc9e5 100644 (file)
--- a/src/net/url/url_test.go
+++ b/src/net/url/url_test.go
@@ -506,26 +506,6 @@ var urltests = []URLTest{
                },
                "",
        },
-       {
-               // Malformed IPv6 but still accepted.
-               "http://2b01:e34:ef40:7730:8e70:5aff:fefe:edac:8080/foo",
-               &URL{
-                       Scheme: "http",
-                       Host:   "2b01:e34:ef40:7730:8e70:5aff:fefe:edac:8080",
-                       Path:   "/foo",
-               },
-               "",
-       },
-       {
-               // Malformed IPv6 but still accepted.
-               "http://2b01:e34:ef40:7730:8e70:5aff:fefe:edac:/foo",
-               &URL{
-                       Scheme: "http",
-                       Host:   "2b01:e34:ef40:7730:8e70:5aff:fefe:edac:",
-                       Path:   "/foo",
-               },
-               "",
-       },
        {
                "http://[2b01:e34:ef40:7730:8e70:5aff:fefe:edac]:8080/foo",
                &URL{
@@ -735,6 +715,9 @@ var parseRequestURLTests = []struct {
        {"https://[0:0::test.com]:80", false},
        {"https://[2001:db8::test.com]", false},
        {"https://[test.com]", false},
+       {"https://1:2:3:4:5:6:7:8", false},
+       {"https://1:2:3:4:5:6:7:8:80", false},
+       {"https://example.com:80:", false},
 }
 
 func TestParseRequestURI(t *testing.T) {
Go GOST TLS 1.3