qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-19 15:54:46 -07:00
Code Releases Activity

net/textproto: ignore initial lines with leading whitespaces in ReadMIMEHeader

Browse Source 
A header line with leading whitespaces is not valid in HTTP as per
RFC7230. This change ignores these invalid lines in ReadMIMEHeader.

Updates #22464

Change-Id: Iff9f00380d28a9617a55ff7888a76fba82001402
Reviewed-on: https://go-review.googlesource.com/75350
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Wèi Cōngruì 2017-11-02 14:23:32 +08:00 committed by Brad Fitzpatrick
parent 17f35c6993
commit 5d0cab0367
4 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/net/http/readrequest_test.go
View File

@ -401,6 +401,26 @@ var reqTests = []reqTest{
noTrailer, noTrailer,
noError, noError,
}, },
// leading whitespace in the first header. golang.org/issue/22464
{
"GET / HTTP/1.1\r\n Foobar: ignored\r\nConnection: close\r\n\r\n",
&Request{
Method: "GET",
URL: &url.URL{
Path: "/",
},
Header: Header{"Connection": {"close"}},
Proto: "HTTP/1.1",
ProtoMajor: 1,
ProtoMinor: 1,
RequestURI: "/",
Close: true,
},
noBodyStr,
noTrailer,
noError,
},
} }
func TestReadRequest(t *testing.T) { func TestReadRequest(t *testing.T) {

22
src/net/http/response_test.go
View File

@ -555,6 +555,28 @@ some body`,
}, },
"Your Authentication failed.\r\n", "Your Authentication failed.\r\n",
}, },
// leading whitespace in the first header. golang.org/issue/22464
{
"HTTP/1.1 200 OK\r\n" +
" Content-type: text/html\r\n" +
"\tIgnore: foobar\r\n" +
"Foo: bar\r\n\r\n",
Response{
Status: "200 OK",
StatusCode: 200,
Proto: "HTTP/1.1",
ProtoMajor: 1,
ProtoMinor: 1,
Request: dummyReq("GET"),
Header: Header{
"Foo": {"bar"},
},
Close: true,
ContentLength: -1,
},
"",
},
} }
// tests successful calls to ReadResponse, and inspects the returned Response. // tests successful calls to ReadResponse, and inspects the returned Response.

8
src/net/textproto/reader.go
View File

@ -476,6 +476,14 @@ func (r *Reader) ReadMIMEHeader() (MIMEHeader, error) {
} }
m := make(MIMEHeader, hint) m := make(MIMEHeader, hint)
for r.skipSpace() > 0 {
line, err := r.readLineSlice()
if len(line) == 0 || err != nil {
return m, err
}
}
for { for {
kv, err := r.readContinuedLineSlice() kv, err := r.readContinuedLineSlice()
if len(kv) == 0 { if len(kv) == 0 {

19
src/net/textproto/reader_test.go
View File

@ -211,6 +211,25 @@ func TestReadMIMEHeaderNonCompliant(t *testing.T) {
} }
} }
func TestReadMIMEHeaderLeadingSpace(t *testing.T) {
tests := []struct {
input string
want MIMEHeader
}{
{" Ignore: ignore\r\nFoo: foo\r\n\r\n", MIMEHeader{"Foo": {"foo"}}},
{"\tIgnore: ignore\r\nFoo: foo\r\n\r\n", MIMEHeader{"Foo": {"foo"}}},
{" Ignore1: ignore\r\n Ignore2: ignore\r\nFoo: foo\r\n\r\n", MIMEHeader{"Foo": {"foo"}}},
{" Ignore1: ignore\r\n\r\n", MIMEHeader{}},
}
for _, tt := range tests {
r := reader(tt.input)
m, err := r.ReadMIMEHeader()
if !reflect.DeepEqual(m, tt.want) || err != nil {
t.Errorf("ReadMIMEHeader(%q) = %v, %v; want %v", tt.input, m, err, tt.want)
}
}
}
// Test that continued lines are properly trimmed. Issue 11204. // Test that continued lines are properly trimmed. Issue 11204.
func TestReadMIMEHeaderTrimContinued(t *testing.T) { func TestReadMIMEHeaderTrimContinued(t *testing.T) {
// In this header, \n and \r\n terminated lines are mixed on purpose. // In this header, \n and \r\n terminated lines are mixed on purpose.