Reject bad ipv6 hostnames (#2076)

Erik Dubbelboer
2025-10-05 09:14:32 +08:00
committed by GitHub
parent f18eb9ef0c
commit a17ec74999
2 changed files with 29 additions and 6 deletions
+13 -6
@@ -445,13 +445,20 @@ func parseHost(host []byte) ([]byte, error) {
}
return append(host1, append(host2, host3...)...), nil
}
} else if i := bytes.LastIndexByte(host, ':'); i != -1 {
if bytes.IndexByte(host[:i], ':') != -1 {
return nil, fmt.Errorf("invalid host %q with multiple port delimiters", host)
} else {
if bytes.ContainsAny(host, "[]") {
return nil, fmt.Errorf("invalid host %q", host)
}
colonPort := host[i:]
if !validOptionalPort(colonPort) {
return nil, fmt.Errorf("invalid port %q after host", colonPort)
if i := bytes.LastIndexByte(host, ':'); i != -1 {
if bytes.IndexByte(host[:i], ':') != -1 {
return nil, fmt.Errorf("invalid host %q with multiple port delimiters", host)
}
colonPort := host[i:]
if !validOptionalPort(colonPort) {
return nil, fmt.Errorf("invalid port %q after host", colonPort)
}
}
}
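Review bot: The new `bytes.ContainsAny(host, "[]")` guard has no comment explaining why brackets are refused here, and its error `invalid host %q` is less specific than the two port errors next to it. I would add above it `// Brackets may only delimit an IP literal at the start of the host; anywhere else they let parsers disagree about which host is meant, so reject them.` and make the message `"invalid host %q: bracket outside IP literal"`, provided no caller matches on the current text. The guard runs only in the `else` branch, and the branch above it (presumably the one for hosts that begin with `[`) starts outside this hunk, so I cannot tell whether a second `[` or `]` inside the literal is also refused; that is worth confirming. parseHost itself begins and ends outside the hunk.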
+16
@@ -203,6 +203,22 @@ func TestURIUpdate(t *testing.T) {
testURIUpdate(t, "http://example.net/", "//example.com:8080/", "http://example.com:8080/")
}
func TestURIRejectsMixedBracketHost(t *testing.T) {
t.Parallel()
tests := []string{
"http://127.0.0.1[192.168.0.1]/",
"http://example.com[fd00::1]/",
}
for _, raw := range tests {
var u URI
if err := u.Parse(nil, []byte(raw)); err == nil {
t.Fatalf("expected error for %q", raw)
}
}
}
func testURIUpdate(t *testing.T, base, update, result string) {
var u URI
u.Parse(nil, []byte(base)) //nolint:errcheck
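Review bot: TestURIRejectsMixedBracketHost only covers a balanced `[...]` appended to a plain host, so an unbalanced bracket, a bracket followed by a port, and the still-valid bracketed form are not pinned. I would add `"http://example.com]/"`, `"http://example.com[/"` and `"http://example.com[fd00::1]:8080/"` to `tests` (constructed examples that the `ContainsAny` guard should reject), plus a separate assertion that `http://[fd00::1]/` is still accepted, so a later tightening cannot silently break real IPv6 literals. Using `t.Errorf` instead of `t.Fatalf` inside the loop would report every failing input in one run.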