Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http/cgi: should not put port into REMOTE_ADDR and REMOTE_HOST #9861

Closed
asergeyev opened this issue Feb 13, 2015 · 5 comments
Closed

net/http/cgi: should not put port into REMOTE_ADDR and REMOTE_HOST #9861

asergeyev opened this issue Feb 13, 2015 · 5 comments
Labels
FrozenDueToAge

Comments

@asergeyev
Copy link
Contributor

In all recent versions (1.4.x) cgi library puts http.Request RemoteAddr into both REMOTE_ADDR and REMOTE_HOST env vars. That is a string that has "IP:port" combination.

CGI 1.1 standard asks to put only IP address to REMOTE_ADDR and omit port... I suggest to make things work this way too.

Apache puts port into REMOTE_PORT variable (which is not in spec and not that important to have). I'd vote for ignoring port alltogether.
@mattn
Copy link
Member

mattn commented Feb 13, 2015

Related issue #8351 (Closed)

@asergeyev
Copy link
Contributor Author

That ticket discusses CGI child behavior and re-creation of the http.Request.RemoteAddr out of ENV variables that Apache or other server has set. Sure, when it was set by Go cgi-enabled server, things would go even worse, since REMOTE_ADDR already has "IP:port" it would become "IP:port:0" due to missing REMOTE_PORT var.

Here is where error goes in testing of CGI module:

func newRequest(httpreq string) *http.Request {
    buf := bufio.NewReader(strings.NewReader(httpreq))
    req, err := http.ReadRequest(buf)
    if err != nil {
        panic("cgi: bogus http request in test: " + httpreq)
    }
    req.RemoteAddr = "1.2.3.4"
    return req
}

Test sets RemoteAddr to static 1.2.3.4 value while http.Request documentation mentions that it's IP:port string...

If anyone would comment why that is string and not carried out net.Conn (*net.TCPConn I believe), I would gladly hear it and educate myself :) Fixing this IMO is out of scope of the problem, REMOTE_ADDR might be corrected in CGI and testing mishap that I described above is a small correction too.

@minux minux changed the title net/http/cgi should not put port to REMOTE_ADDR and REMOTE_HOST net/http/cgi: should not put port into REMOTE_ADDR and REMOTE_HOST Feb 14, 2015
@mattn
Copy link
Member

mattn commented Feb 16, 2015

seems not pushed your changes. Could you please try following.

$ git add /path/to/your/changed/file.go
$ git change
$ git mail

@asergeyev
Copy link
Contributor Author

Thanks, @mattn, I think I did some odd things in that one and now finally understood that changes must be staged and not committed. Submitted all in clean new codereview, and also fixed IPv6 error I had in original one there.

https://go-review.googlesource.com/#/c/4933/1

@asergeyev
Copy link
Contributor Author

@bradfitz any chance you can take a look?

@golang golang locked and limited conversation to collaborators Jun 25, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mattn @asergeyev @gopherbot