diff options
| author | LE Manh Cuong <cuong.manhle.vn@gmail.com> | 2019-03-19 16:16:50 +0700 |
|---|---|---|
| committer | Emmanuel Odeke <emm.odeke@gmail.com> | 2019-03-19 15:54:05 +0000 |
| commit | 349e7df2c3d0f9b5429e7c86121499c137faac7e (patch) | |
| tree | 3a883ec63371d0009debe1444de6bfe624c19d55 | |
| parent | b4f3b8a313a81105d923d2b7ed0b8b7524084b63 (diff) | |
| download | go-git-349e7df2c3d0f9b5429e7c86121499c137faac7e.tar.gz | |
net/http: fix wrong mime rar signature
MIME sniffing standard defines the RAR signature as 52 61 72 20 1A 07 00.
But this signature is wrong, the RARlab spec defines the 4th byte must
be 0x21 or "!", not 0x20 or " ". Checking a rar file also indicates that:
$ file abc.rar
abc.rar: RAR archive data, v1d, os: Win32
$ head -c 7 abc.rar | od -v -t x1
0000000 52 61 72 21 1a 07 00
0000007
There is also an issue to fix this problem in MIME standard.
See:
- https://www.rarlab.com/technote.htm#rarsign
- https://github.com/whatwg/mimesniff/issues/63
Fixes #30926
Change-Id: Id2e2de7ecbf7f44d37ebaf280efd05e4972c5078
Reviewed-on: https://go-review.googlesource.com/c/go/+/167781
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
| -rw-r--r-- | src/net/http/sniff.go | 10 | ||||
| -rw-r--r-- | src/net/http/sniff_test.go | 6 |
2 files changed, 12 insertions, 4 deletions
diff --git a/src/net/http/sniff.go b/src/net/http/sniff.go index 114a88ccba..67a7151b0c 100644 --- a/src/net/http/sniff.go +++ b/src/net/http/sniff.go @@ -185,8 +185,14 @@ var sniffSignatures = []sniffSig{ // Archive types &exactSig{[]byte("\x1F\x8B\x08"), "application/x-gzip"}, &exactSig{[]byte("PK\x03\x04"), "application/zip"}, - &exactSig{[]byte("Rar \x1A\x07\x00"), "application/x-rar-compressed"}, // RAR v1.5-v4.0 - &exactSig{[]byte("Rar \x1A\x07\x01\x00"), "application/x-rar-compressed"}, // RAR v5+ + // RAR's signatures are incorrectly defined by the MIME spec as per + // https://github.com/whatwg/mimesniff/issues/63 + // However, RAR Labs correctly defines it at: + // https://www.rarlab.com/technote.htm#rarsign + // so we use the definition from RAR Labs. + // TODO: do whatever the spec ends up doing. + &exactSig{[]byte("Rar!\x1A\x07\x00"), "application/x-rar-compressed"}, // RAR v1.5-v4.0 + &exactSig{[]byte("Rar!\x1A\x07\x01\x00"), "application/x-rar-compressed"}, // RAR v5+ &exactSig{[]byte("\x00\x61\x73\x6D"), "application/wasm"}, diff --git a/src/net/http/sniff_test.go b/src/net/http/sniff_test.go index 08ae79c285..a1157a0823 100644 --- a/src/net/http/sniff_test.go +++ b/src/net/http/sniff_test.go @@ -74,8 +74,10 @@ var sniffTests = []struct { {"wasm sample", []byte("\x00\x61\x73\x6d\x01\x00"), "application/wasm"}, // Archive types - {"RAR v1.5-v4.0", []byte("Rar \x1A\x07\x00"), "application/x-rar-compressed"}, - {"RAR v5+", []byte("Rar \x1A\x07\x01\x00"), "application/x-rar-compressed"}, + {"RAR v1.5-v4.0", []byte("Rar!\x1A\x07\x00"), "application/x-rar-compressed"}, + {"RAR v5+", []byte("Rar!\x1A\x07\x01\x00"), "application/x-rar-compressed"}, + {"Incorrect RAR v1.5-v4.0", []byte("Rar \x1A\x07\x00"), "application/octet-stream"}, + {"Incorrect RAR v5+", []byte("Rar \x1A\x07\x01\x00"), "application/octet-stream"}, } func TestDetectContentType(t *testing.T) { |