]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ab52ad8)
net/url: validate ports in IPv4 addresses
authorMohit Agarwal <mohit@sdf.org>
Thu, 21 Apr 2016 19:17:04 +0000 (00:47 +0530)
committerBrad Fitzpatrick <bradfitz@golang.org>
Fri, 22 Apr 2016 21:43:22 +0000 (21:43 +0000)
Fixes #14860

Change-Id: Id55ad942d45a104d560a879d6e8e1aa09671789b
Reviewed-on: https://go-review.googlesource.com/22351
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

src/net/url/url.go patch | blob | history
src/net/url/url_test.go patch | blob | history

diff --git a/src/net/url/url.go b/src/net/url/url.go
index d9c8c49e94a48393047f3dfa94070b65ebc66f2a..05b41fa964a9ccde6ab7d88eeb3512f91f5f34c4 100644 (file)
--- a/src/net/url/url.go
+++ b/src/net/url/url.go
@@ -573,8 +573,12 @@ func parseHost(host string) (string, error) {
                        }
                        return host1 + host2 + host3, nil
                }
+       } else if i := strings.LastIndex(host, ":"); i > 0 {
+               colonPort := host[i:]
+               if !validOptionalPort(colonPort) {
+                       return "", fmt.Errorf("invalid port %q after host", colonPort)
+               }
        }
-
        var err error
        if host, err = unescape(host, encodeHost); err != nil {
                return "", err
diff --git a/src/net/url/url_test.go b/src/net/url/url_test.go
index 7560f22c4a1e2a7f258b7d4f2f256a6e02859938..da6bc2843e52b06249ba3c87e4468655bd5e079c 100644 (file)
--- a/src/net/url/url_test.go
+++ b/src/net/url/url_test.go
@@ -418,10 +418,10 @@ var urltests = []URLTest{
        },
        // worst case host, still round trips
        {
-               "scheme://!$&'()*+,;=hello!:port/path",
+               "scheme://!$&'()*+,;=hello!:8080/path",
                &URL{
                        Scheme: "scheme",
-                       Host:   "!$&'()*+,;=hello!:port",
+                       Host:   "!$&'()*+,;=hello!:8080",
                        Path:   "/path",
                },
                "",
@@ -636,8 +636,10 @@ var parseRequestURLTests = []struct {
        {"*", true},
        {"http://192.168.0.1/", true},
        {"http://192.168.0.1:8080/", true},
+       {"http://192.168.0.1:foo/", false},
        {"http://[fe80::1]/", true},
        {"http://[fe80::1]:8080/", true},
+       {"http://[fe80::1]:foo/", false},
 
        // Tests exercising RFC 6874 compliance:
        {"http://[fe80::1%25en0]/", true},                 // with alphanum zone identifier
Go GOST TLS 1.3