d972dc2de9
The old implementation of Jar made the assumption that the host names in the URLs given to SetCookies() and Cookies() methods are well-formed. This is not an unreasonable assumption as malformed host names do not trigger calls to SetCookies or Cookies (at least not from net/http) as the HTTP request themselves are not executed. But there can be other invocations of these methods and at least on Linux it was possible to make DNS lookup to domain names with two trailing dots (see issue #7122). This is an old bug and this CL revives an old change (see https://codereview.appspot.com/52100043) to fix the issue. The discussion around 52100043 focused on the interplay between the jar and the public suffix list and who is responsible for which type if domain name canonicalization. The new bug report in issue #19384 used a nil public suffix list which demonstrates that the package cookiejar alone exhibits this problem and any solution cannot be fully delegated to the implementation of the used PublicSuffixList: Package cookiejar itself needs to protect against host names of the form ".." which triggered an out-of-bounds error. This CL does not address the issue of host name canonicalization and the question who is responsible for it. This CL just prevents the out-of-bounds error: It is a very conservative change, i.e. one might still set and retrieve cookies for host names like "weird.stuf...". Several more test cases document how the current code works. Fixes #19384. Change-Id: I14be080e8a2a0b266ced779f2aeb18841b730610 Reviewed-on: https://go-review.googlesource.com/37843 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> |
||
|---|---|---|
| .github | ||
| api | ||
| doc | ||
| lib/time | ||
| misc | ||
| src | ||
| test | ||
| .gitattributes | ||
| .gitignore | ||
| AUTHORS | ||
| CONTRIBUTING.md | ||
| CONTRIBUTORS | ||
| favicon.ico | ||
| LICENSE | ||
| PATENTS | ||
| README.md | ||
| robots.txt | ||
The Go Programming Language
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.
Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Download and Install
Binary Distributions
Official binary distributions are available at https://golang.org/dl/.
After downloading a binary release, visit https://golang.org/doc/install or load doc/install.html in your web browser for installation instructions.
Install From Source
If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source or load doc/install-source.html in your web browser for source installation instructions.
Contributing
Go is the work of hundreds of contributors. We appreciate your help!
To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html
Note that the Go project does not use GitHub pull requests, and that we use the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.