]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 399fec2)
mime: correctly detect non-ASCII characters in FormatMediaType
authorDavid Heuschmann <heuschmann.d@gmail.com>
Tue, 20 Nov 2018 10:11:59 +0000 (11:11 +0100)
committerIan Lance Taylor <iant@golang.org>
Tue, 20 Nov 2018 14:39:44 +0000 (14:39 +0000)
FormatMediaType used rune&0x80==0 to check if parameter values consisted
of valid ascii charaters. Comparing strings using their runes instead of
their bytes leads to some non-ascii strings to pass as valid.

E.g. the rune for 'Ą' is 0x104, 0x104 & 0x80 => 0. Its byte
representation is 0xc4 0x84, both of which result in non zero values
when masked with 0x80

Fixes #28849

Change-Id: Ib9fb4968bcbbec0197d81136f380d40a2a56c14b
Reviewed-on: https://go-review.googlesource.com/c/150417
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
src/mime/mediatype.go patch | blob | history
src/mime/mediatype_test.go patch | blob | history

diff --git a/src/mime/mediatype.go b/src/mime/mediatype.go
index 3d480a9d7e7c409524bafaba2f618379a5c3e740..fc6e0d0673d5481d11441833436c59a164fa8aab 100644 (file)
--- a/src/mime/mediatype.go
+++ b/src/mime/mediatype.go
@@ -56,7 +56,7 @@ func FormatMediaType(t string, param map[string]string) string {
 
                b.WriteByte('"')
                offset := 0
-               for index, character := range value {
+               for index, character := range []byte(value) {
                        if character == '"' || character == '\\' {
                                b.WriteString(value[offset:index])
                                offset = index
diff --git a/src/mime/mediatype_test.go b/src/mime/mediatype_test.go
index 35b311a4a58b1d9cd099de8885b357f4e8d1ac88..945a8189e171c944ed58997368d396adc0bf98bb 100644 (file)
--- a/src/mime/mediatype_test.go
+++ b/src/mime/mediatype_test.go
@@ -481,6 +481,8 @@ var formatTests = []formatTest{
        {"noslash", map[string]string{"X": "Y"}, "noslash; x=Y"}, // e.g. Content-Disposition values (RFC 2183); issue 11289
        {"foo bar/baz", nil, ""},
        {"foo/bar baz", nil, ""},
+       {"attachment", map[string]string{"filename": "ĄĄŽŽČČŠŠ"}, ""},
+       {"attachment", map[string]string{"filename": "ÁÁÊÊÇÇÎÎ"}, ""},
        {"foo/BAR", nil, "foo/bar"},
        {"foo/BAR", map[string]string{"X": "Y"}, "foo/bar; x=Y"},
        {"foo/BAR", map[string]string{"space": "With space"}, `foo/bar; space="With space"`},
Go GOST TLS 1.3