golang/go

net/url: parseHost doesn't valid ports or contents after IPv6 literals

dvyukov opened this issue · 5 comments

URL parsing allows %-ending after [], which allows weird things like:

package main

import (
    "bufio"
    "bytes"
    "net/http"
    "os"
)

func main() {
    data := []byte("CONNECT []%20%48%54%54%50%2f%31%2e%31%0a%4d%79%48%65%61%64%65%72%3a%20%31%32%33%0a%0a HTTP/1.0\n\n")
    r, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(data)))
    if err != nil {
        panic(err)
    }
    r.WriteProxy(os.Stdout)
}
CONNECT [] HTTP/1.1
MyHeader: 123

 HTTP/1.1
Host: [] HTTP/1.1
MyHeader: 123


User-Agent: Go 1.1

%-ending must be allowed only inside of []

go version devel +a1fe3b5 Sat Jun 13 04:33:26 2015 +0000 linux/amd64

What is special about []? You can have %xx in GET /foo?req=%41 too.

Or is the bug here that we write out bogus newlines in Request.Write? That looks wrong.

Sorry, this is about host. % is not otherwise allowed in host, but after [] it is.

CL https://golang.org/cl/11414 mentions this issue.

CL https://golang.org/cl/13253 mentions this issue.