From: LE Manh Cuong <cuong.manhle.vn@gmail.com>
Date: Tue, 19 Mar 2019 09:16:50 +0000 (+0700)
Subject: net/http: fix wrong mime rar signature
X-Git-Tag: go1.13beta1~978
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=349e7df2c3d0f9b5429e7c86121499c137faac7e;p=gostls13.git

net/http: fix wrong mime rar signature

MIME sniffing standard defines the RAR signature as 52 61 72 20 1A 07 00.

But this signature is wrong, the RARlab spec defines the 4th byte must
be 0x21 or "!", not 0x20 or " ". Checking a rar file also indicates that:

	$ file abc.rar
	abc.rar: RAR archive data, v1d, os: Win32
	$ head -c 7 abc.rar | od -v -t x1
	0000000 52 61 72 21 1a 07 00
	0000007

There is also an issue to fix this problem in MIME standard.

See:
 - https://www.rarlab.com/technote.htm#rarsign
 - https://github.com/whatwg/mimesniff/issues/63

Fixes #30926

Change-Id: Id2e2de7ecbf7f44d37ebaf280efd05e4972c5078
Reviewed-on: https://go-review.googlesource.com/c/go/+/167781
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
---

diff --git a/src/net/http/sniff.go b/src/net/http/sniff.go
index 114a88ccba..67a7151b0c 100644
--- a/src/net/http/sniff.go
+++ b/src/net/http/sniff.go
@@ -185,8 +185,14 @@ var sniffSignatures = []sniffSig{
 	// Archive types
 	&exactSig{[]byte("\x1F\x8B\x08"), "application/x-gzip"},
 	&exactSig{[]byte("PK\x03\x04"), "application/zip"},
-	&exactSig{[]byte("Rar \x1A\x07\x00"), "application/x-rar-compressed"},     // RAR v1.5-v4.0
-	&exactSig{[]byte("Rar \x1A\x07\x01\x00"), "application/x-rar-compressed"}, // RAR v5+
+	// RAR's signatures are incorrectly defined by the MIME spec as per
+	//    https://github.com/whatwg/mimesniff/issues/63
+	// However, RAR Labs correctly defines it at:
+	//    https://www.rarlab.com/technote.htm#rarsign
+	// so we use the definition from RAR Labs.
+	// TODO: do whatever the spec ends up doing.
+	&exactSig{[]byte("Rar!\x1A\x07\x00"), "application/x-rar-compressed"},     // RAR v1.5-v4.0
+	&exactSig{[]byte("Rar!\x1A\x07\x01\x00"), "application/x-rar-compressed"}, // RAR v5+
 
 	&exactSig{[]byte("\x00\x61\x73\x6D"), "application/wasm"},
 
diff --git a/src/net/http/sniff_test.go b/src/net/http/sniff_test.go
index 08ae79c285..a1157a0823 100644
--- a/src/net/http/sniff_test.go
+++ b/src/net/http/sniff_test.go
@@ -74,8 +74,10 @@ var sniffTests = []struct {
 	{"wasm sample", []byte("\x00\x61\x73\x6d\x01\x00"), "application/wasm"},
 
 	// Archive types
-	{"RAR v1.5-v4.0", []byte("Rar \x1A\x07\x00"), "application/x-rar-compressed"},
-	{"RAR v5+", []byte("Rar \x1A\x07\x01\x00"), "application/x-rar-compressed"},
+	{"RAR v1.5-v4.0", []byte("Rar!\x1A\x07\x00"), "application/x-rar-compressed"},
+	{"RAR v5+", []byte("Rar!\x1A\x07\x01\x00"), "application/x-rar-compressed"},
+	{"Incorrect RAR v1.5-v4.0", []byte("Rar \x1A\x07\x00"), "application/octet-stream"},
+	{"Incorrect RAR v5+", []byte("Rar \x1A\x07\x01\x00"), "application/octet-stream"},
 }
 
 func TestDetectContentType(t *testing.T) {