Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/net/idna: ToUnicode does not correctly handle labels with mixed/uppercase ACE prefixes #48778

Closed
CBonnell opened this issue Oct 4, 2021 · 3 comments
Closed

x/net/idna: ToUnicode does not correctly handle labels with mixed/uppercase ACE prefixes #48778

CBonnell opened this issue Oct 4, 2021 · 3 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unreleased

Comments

@CBonnell
Copy link

CBonnell commented Oct 4, 2021

What version of Go are you using (go version)?

go version go1.17.1 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/corey/.cache/go-build"
GOENV="/home/corey/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/corey/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/corey/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17.1"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/mnt/c/Users/corey.bonnell/Documents/github/zlint/v3/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1136496137=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Passing a domain label with a mixed-case (e.g., xN--) or uppercase (XN--) IDNA ACE prefix is not processed by idna.ToUnicode in the same manner as lowercase (xn--). According to Section 2.3.1 of RFC 5890, XN-labels are "the class of labels that begin with the prefix "xn--" (case independent), but otherwise conform to the rules for LDH labels." Given this, it appears that idna.ToUnicode incorrectly uses a case sensitive comparsion when determining whether a label is a XN-label or not.

See https://play.golang.org/p/8Fp648egSFC for a minimal program reproducing the issue.

What did you expect to see?

In the repro linked above, the program should execute successfully to completion (the error in the "Fake A-label", regardless of ACE prefix casing, is correctly returned in both case).

What did you see instead?

For the fake A-label with a mixed case ACE prefix, no error is returned. This is incorrect according to section 2.3.1 of RFC 5890, referenced above.
@mknyszek
Copy link
Contributor

mknyszek commented Oct 4, 2021

CC @neild

@mknyszek mknyszek added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Oct 4, 2021
@mknyszek mknyszek added this to the Unreleased milestone Oct 4, 2021
@elliotwutingfeng
Copy link

This appears to be fixed as of Go 1.19

@ianlancetaylor
Copy link
Contributor

Thanks, closing. Please comment if you disagree.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@CBonnell @mknyszek @ianlancetaylor @elliotwutingfeng