go/src/net
Didier Spezia b7fa4f27ba net/http/fcgi: fix panic with malformed params record
As stated in FastCGI specifications:

FastCGI transmits a name-value pair as the length of the name,
followed by the length of the value, followed by the name,
followed by the value.

The current implementation trusts the name and value length
provided in the record, leading to a panic if the record
is malformed.

Added an explicit check on the lengths.

Test case and fix suggested by diogin@gmail.com (Jingcheng Zhang)

Fixes #11824

Change-Id: I883a1982ea46465e1fb02e0e02b6a4df9e529ae4
Reviewed-on: https://go-review.googlesource.com/15015
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2015-09-27 06:57:03 +00:00
http net/http/fcgi: fix panic with malformed params record 2015-09-27 06:57:03 +00:00
internal/socktest all: fix misprints in comments 2015-06-11 14:18:57 +00:00
mail net/mail: fix build. 2015-08-11 06:42:12 +00:00
rpc net/rpc: don't exit if Accept gets an error 2015-09-03 21:17:08 +00:00
smtp net/smtp: give example addrs in docs 2015-07-15 05:34:29 +00:00
testdata net: fix parsing literal IP addresses in local database 2015-06-02 11:47:06 +00:00
textproto net/textproto: don't treat spaces as hyphens in header keys 2015-06-30 17:59:02 +00:00
url net/url: allow all valid host chars in RawPath 2015-08-06 02:59:16 +00:00
addrselect.go net: classify site-local unicast in address selection 2015-07-18 01:35:25 +00:00
addrselect_test.go net: classify site-local unicast in address selection 2015-07-18 01:35:25 +00:00
cgo_android.go net: clean up cgo 2015-04-17 23:19:19 +00:00
cgo_bsd.go net: clean up cgo 2015-04-17 23:19:19 +00:00
cgo_linux.go net: clean up cgo 2015-04-17 23:19:19 +00:00
cgo_netbsd.go net: clean up cgo 2015-04-17 23:19:19 +00:00
cgo_openbsd.go net: clean up cgo 2015-04-17 23:19:19 +00:00
cgo_resnew.go net: fix build on android 2015-06-18 00:45:12 +00:00
cgo_resold.go net: fix build on android 2015-06-18 00:45:12 +00:00
cgo_socknew.go net: allow LookupAddr to use getnameinfo when cgo is enabled 2015-06-17 00:28:31 +00:00
cgo_sockold.go net: allow LookupAddr to use getnameinfo when cgo is enabled 2015-06-17 00:28:31 +00:00
cgo_solaris.go net: add -lsendfile to cgo LDFLAGS for solaris 2015-08-30 22:01:07 +00:00
cgo_stub.go net: add mechanisms to force go or cgo lookup, and to debug default strategy 2015-07-09 22:19:41 +00:00
cgo_unix.go net: force LookupAddr results to be rooted DNS paths when using cgo 2015-08-19 04:20:27 +00:00
cgo_unix_test.go net: enable cgo test on solaris 2015-05-09 02:58:50 +00:00
cgo_windows.go net: clean up cgo 2015-04-17 23:19:19 +00:00
conf.go net: respect go vs cgo resolver selection in all lookup routines 2015-08-19 04:20:37 +00:00
conf_netcgo.go net: add mechanisms to force go or cgo lookup, and to debug default strategy 2015-07-09 22:19:41 +00:00
conf_test.go net: add mechanisms to force go or cgo lookup, and to debug default strategy 2015-07-09 22:19:41 +00:00
conn_test.go net: simplify error messages in tests 2015-05-06 09:25:08 +00:00
dial.go net: compute the Dialer deadline exactly once. 2015-07-23 01:19:12 +00:00
dial_gen.go net: add Source field to OpError 2015-04-29 22:37:30 +00:00
dial_test.go net: Increase the acceptable delay in TestDialerDualstack 2015-08-31 21:36:04 +00:00
dnsclient.go net: make DNSError.Temporary return true on SERVFAIL 2015-09-04 17:53:54 +00:00
dnsclient_test.go net: make DNSError.Temporary return true on SERVFAIL 2015-09-04 17:53:54 +00:00
dnsclient_unix.go net: drop redundant domain name length check 2015-08-23 10:43:46 +00:00
dnsclient_unix_test.go net: don't return DNS query results including the second best records unconditionally 2015-07-28 08:39:26 +00:00
dnsconfig_unix.go net: make go DNS use localhost if resolv.conf is missing or empty 2015-04-30 18:19:00 +00:00
dnsconfig_unix_test.go net: simplify error messages in tests 2015-05-06 09:25:08 +00:00
dnsmsg.go net: check 'ok' return in dnsmsg when initially packing rr.Header() 2015-09-20 02:55:16 +00:00
dnsmsg_test.go net: simplify error messages in tests 2015-05-06 09:25:08 +00:00
dnsname_test.go net: simplify sync.Once calls in tests 2015-05-14 01:47:35 +00:00
error_plan9_test.go net: deflake timeout, deadline tests 2015-04-29 23:37:21 +00:00
error_posix_test.go net: make spuriousENOTAVAIL to be able to parse EADDRNOTAVAIL correctly 2015-07-28 11:52:56 +00:00
error_test.go net: skip TestProtocolDialError on solaris 2015-06-16 17:35:46 +00:00
example_test.go
external_test.go net: fix the series of TestLookup and external tests 2015-05-20 07:54:37 +00:00
fd_mutex.go
fd_mutex_test.go
fd_plan9.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
fd_poll_nacl.go net: remove the dregs of old built-in poll server 2015-02-04 10:16:38 +00:00
fd_poll_runtime.go net: remove the dregs of old built-in poll server 2015-02-04 10:16:38 +00:00
fd_posix.go net: don't return io.EOF on reading data from datagram, raw sockets on windows 2015-01-01 05:21:32 +00:00
fd_posix_test.go net: don't return io.EOF on reading data from datagram, raw sockets on windows 2015-01-01 05:21:32 +00:00
fd_unix.go all: link to https instead of http 2015-07-11 14:36:33 +00:00
fd_windows.go all: use one 'l' when cancelling everywhere except Solaris 2015-09-11 18:31:51 +00:00
file.go Revert "net, internal/syscall/unix: add SocketConn, SocketPacketConn" 2015-07-02 16:11:03 +00:00
file_plan9.go Revert "net, internal/syscall/unix: add SocketConn, SocketPacketConn" 2015-07-02 16:11:03 +00:00
file_stub.go Revert "net, internal/syscall/unix: add SocketConn, SocketPacketConn" 2015-07-02 16:11:03 +00:00
file_test.go all: fix misprints in comments 2015-06-11 14:18:57 +00:00
file_unix.go Revert "net, internal/syscall/unix: add SocketConn, SocketPacketConn" 2015-07-02 16:11:03 +00:00
file_windows.go Revert "net, internal/syscall/unix: add SocketConn, SocketPacketConn" 2015-07-02 16:11:03 +00:00
hook.go net: add sequential and RFC 6555-compliant TCP dialing. 2015-06-16 02:38:21 +00:00
hook_cloexec.go net: add socket system call hooks for testing 2015-03-31 23:07:42 +00:00
hook_plan9.go net: deflake TestDialTimeout 2015-04-02 01:04:49 +00:00
hook_unix.go net: add Listen system call hook for testing 2015-04-15 11:47:49 +00:00
hook_windows.go net: add Listen system call hook for testing 2015-04-15 11:47:49 +00:00
hosts.go net: fix parsing literal IP addresses in local database 2015-06-02 11:47:06 +00:00
hosts_test.go net: remove obsolete TestLookupHost 2015-06-16 17:37:29 +00:00
interface.go net: add Source field to OpError 2015-04-29 22:37:30 +00:00
interface_bsd.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
interface_bsd_test.go net: relax IP interface address determination on linux 2015-06-27 00:39:30 +00:00
interface_darwin.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
interface_dragonfly.go
interface_freebsd.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
interface_linux.go net: relax IP interface address determination on linux 2015-06-27 00:39:30 +00:00
interface_linux_test.go net: relax IP interface address determination on linux 2015-06-27 00:39:30 +00:00
interface_netbsd.go
interface_openbsd.go
interface_stub.go
interface_test.go net: simplify sync.Once calls in tests 2015-05-14 01:47:35 +00:00
interface_unix_test.go net: relax IP interface address determination on linux 2015-06-27 00:39:30 +00:00
interface_windows.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
ip.go net: fix misidentification of link-local, global unicast IP addresses 2015-07-10 07:30:33 +00:00
ip_test.go net: do not look up abc by default 2015-07-22 20:29:02 +00:00
ipraw_test.go net: ensure that ResolveIPAddr(addr.String()) reproduces addr 2015-07-10 06:51:55 +00:00
iprawsock.go net: ensure that ResolveIPAddr(addr.String()) reproduces addr 2015-07-10 06:51:55 +00:00
iprawsock_plan9.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00
iprawsock_posix.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00
ipsock.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
ipsock_plan9.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00
ipsock_posix.go net: Make Listen(":port") use IPv6 when IPv4 is not supported. 2015-09-05 02:31:22 +00:00
ipsock_test.go net: don't run IP stack required tests on IP stack disabled kernels 2015-05-07 01:50:23 +00:00
listen_test.go net: disable dualstack listener tests on dragonfly 2015-06-09 08:21:21 +00:00
lookup.go net: restore LookupPort for integer strings 2015-08-27 16:17:21 +00:00
lookup_plan9.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
lookup_stub.go net: LookupHost and Resolve{TCP,UDP,IP}Addr should use zone from getaddrinfo 2015-03-08 09:58:11 +00:00
lookup_test.go net: force LookupAddr results to be rooted DNS paths when using cgo 2015-08-19 04:20:27 +00:00
lookup_unix.go net: respect go vs cgo resolver selection in all lookup routines 2015-08-19 04:20:37 +00:00
lookup_windows.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
lookup_windows_test.go net: simplify error messages in tests 2015-05-06 09:25:08 +00:00
mac.go net: allow ParseMAC to parse 20-octet IPoIB link-layer address 2015-08-24 16:34:43 +00:00
mac_test.go net: allow ParseMAC to parse 20-octet IPoIB link-layer address 2015-08-24 16:34:43 +00:00
main_cloexec_test.go net: add socket system call hooks for testing 2015-03-31 23:07:42 +00:00
main_plan9_test.go net: deflake TestDialGoogle, TestResolveDialGoogle 2015-04-03 01:50:30 +00:00
main_posix_test.go net: fix TestDialGoogle with -ipv6 when CGO_ENABLED=0 2015-04-16 00:44:52 +00:00
main_test.go net: adjust dual stack support on dragonfly 2015-05-23 05:22:57 +00:00
main_unix_test.go net: add Listen system call hook for testing 2015-04-15 11:47:49 +00:00
main_windows_test.go net: add Listen system call hook for testing 2015-04-15 11:47:49 +00:00
mockserver_test.go net: fix panic in TestDialerDualStack 2015-05-22 03:27:59 +00:00
net.go net: remove named parameters in Listener.Accept doc signature 2015-09-15 04:07:24 +00:00
net_test.go net: add missing Close tests 2015-04-29 23:01:45 +00:00
net_windows_test.go net: relax error checking in TestAcceptIgnoreSomeErrors 2015-05-12 04:02:25 +00:00
netgo_unix_test.go net: simplify error messages in tests 2015-05-06 09:25:08 +00:00
non_unix_test.go net: force LookupAddr results to be rooted DNS paths when using cgo 2015-08-19 04:20:27 +00:00
nss.go net: use Go's DNS resolver when system configuration permits 2015-04-23 02:48:43 +00:00
nss_test.go net: use Go's DNS resolver when system configuration permits 2015-04-23 02:48:43 +00:00
packetconn_test.go net: simplify error messages in tests 2015-05-06 09:25:08 +00:00
parse.go net: add mechanisms to force go or cgo lookup, and to debug default strategy 2015-07-09 22:19:41 +00:00
parse_test.go net: add mechanisms to force go or cgo lookup, and to debug default strategy 2015-07-09 22:19:41 +00:00
pipe.go net: add Source field to OpError 2015-04-29 22:37:30 +00:00
pipe_test.go net: simplify error messages in tests 2015-05-06 09:25:08 +00:00
platform_test.go net: Make Listen(":port") use IPv6 when IPv4 is not supported. 2015-09-05 02:31:22 +00:00
port.go net: fix inconsistent error values on Lookup 2015-04-21 05:16:07 +00:00
port_test.go net: restore LookupPort for integer strings 2015-08-27 16:17:21 +00:00
port_unix.go net: fix inconsistent error values on Lookup 2015-04-21 05:16:07 +00:00
protoconn_test.go net: simplify error messages in tests 2015-05-06 09:25:08 +00:00
race.go
race0.go
sendfile_dragonfly.go net: fix comment in sendFile 2015-05-06 12:27:07 +00:00
sendfile_freebsd.go net: fix comment in sendFile 2015-05-06 12:27:07 +00:00
sendfile_linux.go net: fix comment in sendFile 2015-05-06 12:27:07 +00:00
sendfile_solaris.go net: fix inconsistent error values on Read for solaris 2015-05-06 12:43:45 +00:00
sendfile_stub.go syscall, net: use sendfile on Solaris 2015-05-06 12:26:35 +00:00
sendfile_windows.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
server_test.go net: Make Listen(":port") use IPv6 when IPv4 is not supported. 2015-09-05 02:31:22 +00:00
sock_bsd.go
sock_cloexec.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
sock_linux.go
sock_plan9.go
sock_posix.go all: fix misprints in comments 2015-06-11 14:18:57 +00:00
sock_stub.go
sock_windows.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
sockopt_bsd.go net: adjust dual stack support on dragonfly 2015-05-23 05:22:57 +00:00
sockopt_linux.go
sockopt_plan9.go
sockopt_posix.go
sockopt_solaris.go
sockopt_stub.go
sockopt_windows.go
sockoptip_bsd.go
sockoptip_linux.go
sockoptip_posix.go
sockoptip_stub.go
sockoptip_windows.go
sys_cloexec.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
tcp_test.go net: adjust dual stack support on dragonfly 2015-05-23 05:22:57 +00:00
tcpsock.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00
tcpsock_plan9.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00
tcpsock_posix.go net: make spuriousENOTAVAIL to be able to parse EADDRNOTAVAIL correctly 2015-07-28 11:52:56 +00:00
tcpsockopt_darwin.go
tcpsockopt_dragonfly.go
tcpsockopt_openbsd.go
tcpsockopt_plan9.go net: fix setKeepAlivePeriod on Plan 9 2015-07-15 02:53:34 +00:00
tcpsockopt_posix.go
tcpsockopt_solaris.go net: try to fix setKeepAlivePeriod on Solaris 2015-05-06 12:03:20 +00:00
tcpsockopt_stub.go
tcpsockopt_unix.go net: try to fix setKeepAlivePeriod on Solaris 2015-05-06 12:03:20 +00:00
tcpsockopt_windows.go net: fix inconsistent errors 2015-05-05 09:40:07 +00:00
timeout_test.go net: deflake TestDialTimeout{,FDLeak} in the case of TCP simultaneous open 2015-07-27 16:09:26 +00:00
udp_test.go net: adjust dual stack support on dragonfly 2015-05-23 05:22:57 +00:00
udpsock.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00
udpsock_plan9.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00
udpsock_posix.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00
unix_test.go net: force LookupAddr results to be rooted DNS paths when using cgo 2015-08-19 04:20:27 +00:00
unixsock.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00
unixsock_plan9.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00
unixsock_posix.go net: don't return non-nil interface values as Source, Addr in OpError 2015-06-13 23:39:03 +00:00