diff options
Diffstat (limited to 'libgo/go')
45 files changed, 429 insertions, 96 deletions
diff --git a/libgo/go/crypto/tls/cipher_suites.go b/libgo/go/crypto/tls/cipher_suites.go index 00695e7..5039f31 100644 --- a/libgo/go/crypto/tls/cipher_suites.go +++ b/libgo/go/crypto/tls/cipher_suites.go @@ -23,8 +23,8 @@ type keyAgreement interface { // In the case that the key agreement protocol doesn't use a // ServerKeyExchange message, generateServerKeyExchange can return nil, // nil. - generateServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, error) - processClientKeyExchange(*Config, *clientKeyExchangeMsg, uint16) ([]byte, error) + generateServerKeyExchange(*Config, *Certificate, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, error) + processClientKeyExchange(*Config, *Certificate, *clientKeyExchangeMsg, uint16) ([]byte, error) // On the client side, the next two methods are called in order. diff --git a/libgo/go/crypto/tls/handshake_server.go b/libgo/go/crypto/tls/handshake_server.go index 77e56a7..76adc54 100644 --- a/libgo/go/crypto/tls/handshake_server.go +++ b/libgo/go/crypto/tls/handshake_server.go @@ -112,37 +112,38 @@ FindCipherSuite: hello.nextProtoNeg = true hello.nextProtos = config.NextProtos } - if clientHello.ocspStapling && len(config.Certificates[0].OCSPStaple) > 0 { - hello.ocspStapling = true - } - - finishedHash.Write(hello.marshal()) - c.writeRecord(recordTypeHandshake, hello.marshal()) if len(config.Certificates) == 0 { return c.sendAlert(alertInternalError) } - - certMsg := new(certificateMsg) + cert := &config.Certificates[0] if len(clientHello.serverName) > 0 { c.serverName = clientHello.serverName - certMsg.certificates = config.getCertificateForName(clientHello.serverName).Certificate - } else { - certMsg.certificates = config.Certificates[0].Certificate + cert = config.getCertificateForName(clientHello.serverName) } + + if clientHello.ocspStapling && len(cert.OCSPStaple) > 0 { + hello.ocspStapling = true + } + + finishedHash.Write(hello.marshal()) + c.writeRecord(recordTypeHandshake, hello.marshal()) + + certMsg := new(certificateMsg) + certMsg.certificates = cert.Certificate finishedHash.Write(certMsg.marshal()) c.writeRecord(recordTypeHandshake, certMsg.marshal()) if hello.ocspStapling { certStatus := new(certificateStatusMsg) certStatus.statusType = statusTypeOCSP - certStatus.response = config.Certificates[0].OCSPStaple + certStatus.response = cert.OCSPStaple finishedHash.Write(certStatus.marshal()) c.writeRecord(recordTypeHandshake, certStatus.marshal()) } keyAgreement := suite.ka() - skx, err := keyAgreement.generateServerKeyExchange(config, clientHello, hello) + skx, err := keyAgreement.generateServerKeyExchange(config, cert, clientHello, hello) if err != nil { c.sendAlert(alertHandshakeFailure) return err @@ -288,7 +289,7 @@ FindCipherSuite: finishedHash.Write(certVerify.marshal()) } - preMasterSecret, err := keyAgreement.processClientKeyExchange(config, ckx, c.vers) + preMasterSecret, err := keyAgreement.processClientKeyExchange(config, cert, ckx, c.vers) if err != nil { c.sendAlert(alertHandshakeFailure) return err diff --git a/libgo/go/crypto/tls/handshake_server_test.go b/libgo/go/crypto/tls/handshake_server_test.go index 08a0ccb..7c12671 100644 --- a/libgo/go/crypto/tls/handshake_server_test.go +++ b/libgo/go/crypto/tls/handshake_server_test.go @@ -37,9 +37,12 @@ func init() { testConfig = new(Config) testConfig.Time = func() time.Time { return time.Unix(0, 0) } testConfig.Rand = zeroSource{} - testConfig.Certificates = make([]Certificate, 1) + testConfig.Certificates = make([]Certificate, 2) testConfig.Certificates[0].Certificate = [][]byte{testCertificate} testConfig.Certificates[0].PrivateKey = testPrivateKey + testConfig.Certificates[1].Certificate = [][]byte{testSNICertificate} + testConfig.Certificates[1].PrivateKey = testPrivateKey + testConfig.BuildNameToCertificate() testConfig.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA} testConfig.InsecureSkipVerify = true } @@ -176,6 +179,13 @@ func TestHandshakeServerSSLv3(t *testing.T) { testServerScript(t, "SSLv3", sslv3ServerScript, testConfig, nil) } +// TestHandshakeServerSNI involves a client sending an SNI extension of +// "snitest.com", which happens to match the CN of testSNICertificate. The test +// verifies that the server correctly selects that certificate. +func TestHandshakeServerSNI(t *testing.T) { + testServerScript(t, "SNI", selectCertificateBySNIScript, testConfig, nil) +} + type clientauthTest struct { name string clientauth ClientAuthType @@ -258,6 +268,8 @@ func fromHex(s string) []byte { var testCertificate = fromHex("308202b030820219a00302010202090085b0bba48a7fb8ca300d06092a864886f70d01010505003045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c7464301e170d3130303432343039303933385a170d3131303432343039303933385a3045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c746430819f300d06092a864886f70d010101050003818d0030818902818100bb79d6f517b5e5bf4610d0dc69bee62b07435ad0032d8a7a4385b71452e7a5654c2c78b8238cb5b482e5de1f953b7e62a52ca533d6fe125c7a56fcf506bffa587b263fb5cd04d3d0c921964ac7f4549f5abfef427100fe1899077f7e887d7df10439c4a22edb51c97ce3c04c3b326601cfafb11db8719a1ddbdb896baeda2d790203010001a381a73081a4301d0603551d0e04160414b1ade2855acfcb28db69ce2369ded3268e18883930750603551d23046e306c8014b1ade2855acfcb28db69ce2369ded3268e188839a149a4473045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c746482090085b0bba48a7fb8ca300c0603551d13040530030101ff300d06092a864886f70d010105050003818100086c4524c76bb159ab0c52ccf2b014d7879d7a6475b55a9566e4c52b8eae12661feb4f38b36e60d392fdf74108b52513b1187a24fb301dbaed98b917ece7d73159db95d31d78ea50565cd5825a2d5a5f33c4b6d8c97590968c0f5298b5cd981f89205ff2a01ca31b9694dda9fd57e970e8266d71999b266e3850296c90a7bdd9") +var testSNICertificate = fromHex("308201f23082015da003020102020100300b06092a864886f70d01010530283110300e060355040a130741636d6520436f311430120603550403130b736e69746573742e636f6d301e170d3132303431313137343033355a170d3133303431313137343533355a30283110300e060355040a130741636d6520436f311430120603550403130b736e69746573742e636f6d30819d300b06092a864886f70d01010103818d0030818902818100bb79d6f517b5e5bf4610d0dc69bee62b07435ad0032d8a7a4385b71452e7a5654c2c78b8238cb5b482e5de1f953b7e62a52ca533d6fe125c7a56fcf506bffa587b263fb5cd04d3d0c921964ac7f4549f5abfef427100fe1899077f7e887d7df10439c4a22edb51c97ce3c04c3b326601cfafb11db8719a1ddbdb896baeda2d790203010001a3323030300e0603551d0f0101ff0404030200a0300d0603551d0e0406040401020304300f0603551d2304083006800401020304300b06092a864886f70d0101050381810089c6455f1c1f5ef8eb1ab174ee2439059f5c4259bb1a8d86cdb1d056f56a717da40e95ab90f59e8deaf627c157995094db0802266eb34fc6842dea8a4b68d9c1389103ab84fb9e1f85d9b5d23ff2312c8670fbb540148245a4ebafe264d90c8a4cf4f85b0fac12ac2fc4a3154bad52462868af96c62c6525d652b6e31845bdcc") + var testPrivateKey = &rsa.PrivateKey{ PublicKey: rsa.PublicKey{ N: bigFromString("131650079503776001033793877885499001334664249354723305978524647182322416328664556247316495448366990052837680518067798333412266673813370895702118944398081598789828837447552603077848001020611640547221687072142537202428102790818451901395596882588063427854225330436740647715202971973145151161964464812406232198521"), @@ -947,6 +959,142 @@ var sslv3ServerScript = [][]byte{ }, } +var selectCertificateBySNIScript = [][]byte{ + { + 0x16, 0x03, 0x01, 0x00, 0x6e, 0x01, 0x00, 0x00, + 0x6a, 0x03, 0x01, 0x4f, 0x85, 0xc4, 0xc2, 0xb9, + 0x39, 0x80, 0x91, 0x66, 0x65, 0x56, 0x8e, 0xdd, + 0x48, 0xe9, 0xca, 0x34, 0x02, 0x3c, 0xaf, 0x0d, + 0x73, 0xb5, 0x2a, 0x05, 0x6e, 0xbd, 0x5e, 0x8f, + 0x38, 0xf9, 0xe5, 0x00, 0x00, 0x28, 0x00, 0x39, + 0x00, 0x38, 0x00, 0x35, 0x00, 0x16, 0x00, 0x13, + 0x00, 0x0a, 0x00, 0x33, 0x00, 0x32, 0x00, 0x2f, + 0x00, 0x05, 0x00, 0x04, 0x00, 0x15, 0x00, 0x12, + 0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08, + 0x00, 0x06, 0x00, 0x03, 0x00, 0xff, 0x02, 0x01, + 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x10, 0x00, + 0x0e, 0x00, 0x00, 0x0b, 0x73, 0x6e, 0x69, 0x74, + 0x65, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00, + 0x23, 0x00, 0x00, + }, + { + 0x16, 0x03, 0x01, 0x00, 0x2a, 0x02, 0x00, 0x00, + 0x26, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x16, + 0x03, 0x01, 0x02, 0x00, 0x0b, 0x00, 0x01, 0xfc, + 0x00, 0x01, 0xf9, 0x00, 0x01, 0xf6, 0x30, 0x82, + 0x01, 0xf2, 0x30, 0x82, 0x01, 0x5d, 0xa0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x01, 0x00, 0x30, 0x0b, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x05, 0x30, 0x28, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, + 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x31, + 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x13, 0x0b, 0x73, 0x6e, 0x69, 0x74, 0x65, 0x73, + 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, + 0x0d, 0x31, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, + 0x37, 0x34, 0x30, 0x33, 0x35, 0x5a, 0x17, 0x0d, + 0x31, 0x33, 0x30, 0x34, 0x31, 0x31, 0x31, 0x37, + 0x34, 0x35, 0x33, 0x35, 0x5a, 0x30, 0x28, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, + 0x6f, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x0b, 0x73, 0x6e, 0x69, 0x74, + 0x65, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, + 0x81, 0x9d, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x03, + 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, + 0x81, 0x00, 0xbb, 0x79, 0xd6, 0xf5, 0x17, 0xb5, + 0xe5, 0xbf, 0x46, 0x10, 0xd0, 0xdc, 0x69, 0xbe, + 0xe6, 0x2b, 0x07, 0x43, 0x5a, 0xd0, 0x03, 0x2d, + 0x8a, 0x7a, 0x43, 0x85, 0xb7, 0x14, 0x52, 0xe7, + 0xa5, 0x65, 0x4c, 0x2c, 0x78, 0xb8, 0x23, 0x8c, + 0xb5, 0xb4, 0x82, 0xe5, 0xde, 0x1f, 0x95, 0x3b, + 0x7e, 0x62, 0xa5, 0x2c, 0xa5, 0x33, 0xd6, 0xfe, + 0x12, 0x5c, 0x7a, 0x56, 0xfc, 0xf5, 0x06, 0xbf, + 0xfa, 0x58, 0x7b, 0x26, 0x3f, 0xb5, 0xcd, 0x04, + 0xd3, 0xd0, 0xc9, 0x21, 0x96, 0x4a, 0xc7, 0xf4, + 0x54, 0x9f, 0x5a, 0xbf, 0xef, 0x42, 0x71, 0x00, + 0xfe, 0x18, 0x99, 0x07, 0x7f, 0x7e, 0x88, 0x7d, + 0x7d, 0xf1, 0x04, 0x39, 0xc4, 0xa2, 0x2e, 0xdb, + 0x51, 0xc9, 0x7c, 0xe3, 0xc0, 0x4c, 0x3b, 0x32, + 0x66, 0x01, 0xcf, 0xaf, 0xb1, 0x1d, 0xb8, 0x71, + 0x9a, 0x1d, 0xdb, 0xdb, 0x89, 0x6b, 0xae, 0xda, + 0x2d, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, + 0x32, 0x30, 0x30, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, + 0x02, 0x00, 0xa0, 0x30, 0x0d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x06, 0x04, 0x04, 0x01, 0x02, + 0x03, 0x04, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, + 0x23, 0x04, 0x08, 0x30, 0x06, 0x80, 0x04, 0x01, + 0x02, 0x03, 0x04, 0x30, 0x0b, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + 0x03, 0x81, 0x81, 0x00, 0x89, 0xc6, 0x45, 0x5f, + 0x1c, 0x1f, 0x5e, 0xf8, 0xeb, 0x1a, 0xb1, 0x74, + 0xee, 0x24, 0x39, 0x05, 0x9f, 0x5c, 0x42, 0x59, + 0xbb, 0x1a, 0x8d, 0x86, 0xcd, 0xb1, 0xd0, 0x56, + 0xf5, 0x6a, 0x71, 0x7d, 0xa4, 0x0e, 0x95, 0xab, + 0x90, 0xf5, 0x9e, 0x8d, 0xea, 0xf6, 0x27, 0xc1, + 0x57, 0x99, 0x50, 0x94, 0xdb, 0x08, 0x02, 0x26, + 0x6e, 0xb3, 0x4f, 0xc6, 0x84, 0x2d, 0xea, 0x8a, + 0x4b, 0x68, 0xd9, 0xc1, 0x38, 0x91, 0x03, 0xab, + 0x84, 0xfb, 0x9e, 0x1f, 0x85, 0xd9, 0xb5, 0xd2, + 0x3f, 0xf2, 0x31, 0x2c, 0x86, 0x70, 0xfb, 0xb5, + 0x40, 0x14, 0x82, 0x45, 0xa4, 0xeb, 0xaf, 0xe2, + 0x64, 0xd9, 0x0c, 0x8a, 0x4c, 0xf4, 0xf8, 0x5b, + 0x0f, 0xac, 0x12, 0xac, 0x2f, 0xc4, 0xa3, 0x15, + 0x4b, 0xad, 0x52, 0x46, 0x28, 0x68, 0xaf, 0x96, + 0xc6, 0x2c, 0x65, 0x25, 0xd6, 0x52, 0xb6, 0xe3, + 0x18, 0x45, 0xbd, 0xcc, 0x16, 0x03, 0x01, 0x00, + 0x04, 0x0e, 0x00, 0x00, 0x00, + }, + { + 0x16, 0x03, 0x01, 0x00, 0x86, 0x10, 0x00, 0x00, + 0x82, 0x00, 0x80, 0x70, 0x1d, 0x34, 0x75, 0xa2, + 0xe7, 0xe3, 0x2f, 0x3d, 0xc1, 0x1d, 0xca, 0x0b, + 0xe3, 0x64, 0xb9, 0x1a, 0x00, 0x69, 0xc4, 0x14, + 0x05, 0x07, 0x7e, 0xc3, 0x51, 0x43, 0x52, 0x66, + 0xe3, 0xbd, 0xff, 0x1b, 0x1a, 0x6a, 0x84, 0xf2, + 0x07, 0x24, 0xd7, 0x12, 0xa8, 0x58, 0xcf, 0x8a, + 0x50, 0x30, 0xe8, 0xc8, 0xb2, 0xf9, 0x58, 0x1c, + 0x56, 0x53, 0x76, 0x21, 0xe0, 0x03, 0x7f, 0x77, + 0xa7, 0xf1, 0xad, 0x67, 0xd4, 0xe2, 0x8f, 0xa0, + 0x58, 0x6c, 0xe0, 0x28, 0x59, 0xf3, 0xd1, 0x53, + 0x2b, 0x21, 0xbd, 0xa3, 0x84, 0x31, 0x73, 0xbf, + 0x84, 0x0f, 0x83, 0xf4, 0xc4, 0xd0, 0xe5, 0x3c, + 0x2d, 0x3e, 0xf2, 0x8a, 0x1e, 0xe7, 0xe9, 0x1f, + 0x12, 0x13, 0xad, 0x29, 0xd6, 0x0c, 0xc7, 0xc6, + 0x05, 0x53, 0x7d, 0x5e, 0xc6, 0x92, 0x72, 0xba, + 0xd2, 0x93, 0x8f, 0x53, 0x84, 0x87, 0x44, 0x05, + 0x9f, 0x5d, 0x66, 0x14, 0x03, 0x01, 0x00, 0x01, + 0x01, 0x16, 0x03, 0x01, 0x00, 0x24, 0xfc, 0x71, + 0xaa, 0xa8, 0x37, 0xa8, 0xbd, 0x63, 0xb7, 0xbc, + 0x95, 0xef, 0x0c, 0xcf, 0x39, 0x31, 0x93, 0xe6, + 0x86, 0xbd, 0x3f, 0x56, 0x9d, 0xf0, 0xb2, 0xb5, + 0xd1, 0xa7, 0xc6, 0x45, 0x89, 0x18, 0xfb, 0xa0, + 0x7f, 0xc1, + }, + { + 0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03, + 0x01, 0x00, 0x24, 0xb8, 0x6d, 0x9a, 0x90, 0x3c, + 0x45, 0xe0, 0xff, 0x63, 0xba, 0xab, 0x3d, 0x7a, + 0xa6, 0x49, 0x5a, 0x13, 0xdc, 0x0e, 0xa3, 0xba, + 0x7f, 0x04, 0x19, 0x45, 0xfd, 0xfb, 0xbd, 0x00, + 0xa3, 0xa7, 0x78, 0x81, 0x38, 0x9f, 0x10, 0x17, + 0x03, 0x01, 0x00, 0x21, 0x43, 0xc3, 0x91, 0xb7, + 0xbf, 0x50, 0x0b, 0x04, 0xb4, 0x5d, 0xc6, 0x20, + 0x64, 0xb8, 0x01, 0x09, 0x25, 0x2c, 0x03, 0x30, + 0xc0, 0x77, 0xc9, 0x5e, 0xe6, 0xe0, 0x99, 0xdc, + 0xcd, 0x75, 0x9d, 0x51, 0x82, 0x15, 0x03, 0x01, + 0x00, 0x16, 0x2d, 0x7a, 0x89, 0x7b, 0x36, 0x85, + 0x2a, 0x93, 0xcb, 0x83, 0xa7, 0x2f, 0x9e, 0x91, + 0xfc, 0xad, 0x57, 0xca, 0xf5, 0xbc, 0x13, 0x2f, + }, +} + var clientauthTests = []clientauthTest{ // Server doesn't asks for cert // go test -run "TestRunServer" -serve -clientauth 0 @@ -1285,7 +1433,7 @@ var clientauthTests = []clientauthTest{ // go test -run "TestRunServer" -serve -clientauth 1 // gnutls-cli --insecure --debug 100 -p 10443 localhost {"RequestClientCert, client gives it", RequestClientCert, - []*x509.Certificate{clicert}, + []*x509.Certificate{clientCertificate}, [][]byte{{ 0x16, 0x03, 0x02, 0x00, 0x7a, 0x01, 0x00, 0x00, 0x76, 0x03, 0x02, 0x4e, 0xe7, 0x44, 0xda, 0x58, @@ -1528,14 +1676,16 @@ var clientauthTests = []clientauthTest{ 0x00, 0x16, 0x53, 0xf5, 0xff, 0xe0, 0xa1, 0x6c, 0x33, 0xf4, 0x4e, 0x89, 0x68, 0xe1, 0xf7, 0x61, 0x13, 0xb3, 0x12, 0xa1, 0x8e, 0x5a, 0x7a, 0x02, - }}}, + }, + }, + }, } // cert.pem and key.pem were generated with generate_cert.go // Thus, they have no ExtKeyUsage fields and trigger an error // when verification is turned on. -var clicert = loadPEMCert(` +var clientCertificate = loadPEMCert(` -----BEGIN CERTIFICATE----- MIIB7TCCAVigAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTExMTIwODA3NTUxMloXDTEyMTIwNzA4 diff --git a/libgo/go/crypto/tls/key_agreement.go b/libgo/go/crypto/tls/key_agreement.go index a931d8f..b6e73fe 100644 --- a/libgo/go/crypto/tls/key_agreement.go +++ b/libgo/go/crypto/tls/key_agreement.go @@ -20,11 +20,11 @@ import ( // encrypts the pre-master secret to the server's public key. type rsaKeyAgreement struct{} -func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { +func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { return nil, nil } -func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { +func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { preMasterSecret := make([]byte, 48) _, err := io.ReadFull(config.rand(), preMasterSecret[2:]) if err != nil { @@ -44,7 +44,7 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe ciphertext = ckx.ciphertext[2:] } - err = rsa.DecryptPKCS1v15SessionKey(config.rand(), config.Certificates[0].PrivateKey.(*rsa.PrivateKey), ciphertext, preMasterSecret) + err = rsa.DecryptPKCS1v15SessionKey(config.rand(), cert.PrivateKey.(*rsa.PrivateKey), ciphertext, preMasterSecret) if err != nil { return nil, err } @@ -109,7 +109,7 @@ type ecdheRSAKeyAgreement struct { x, y *big.Int } -func (ka *ecdheRSAKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { +func (ka *ecdheRSAKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { var curveid uint16 Curve: @@ -151,7 +151,7 @@ Curve: copy(serverECDHParams[4:], ecdhePublic) md5sha1 := md5SHA1Hash(clientHello.random, hello.random, serverECDHParams) - sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey.(*rsa.PrivateKey), crypto.MD5SHA1, md5sha1) + sig, err := rsa.SignPKCS1v15(config.rand(), cert.PrivateKey.(*rsa.PrivateKey), crypto.MD5SHA1, md5sha1) if err != nil { return nil, errors.New("failed to sign ECDHE parameters: " + err.Error()) } @@ -167,7 +167,7 @@ Curve: return skx, nil } -func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { +func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { if len(ckx.ciphertext) == 0 || int(ckx.ciphertext[0]) != len(ckx.ciphertext)-1 { return nil, errors.New("bad ClientKeyExchange") } diff --git a/libgo/go/database/sql/sql.go b/libgo/go/database/sql/sql.go index 51a357b..89136ef 100644 --- a/libgo/go/database/sql/sql.go +++ b/libgo/go/database/sql/sql.go @@ -327,6 +327,9 @@ func (db *DB) prepare(query string) (stmt *Stmt, err error) { // Exec executes a query without returning any rows. func (db *DB) Exec(query string, args ...interface{}) (Result, error) { sargs, err := subsetTypeArgs(args) + if err != nil { + return nil, err + } var res Result for i := 0; i < 10; i++ { res, err = db.exec(query, sargs) diff --git a/libgo/go/encoding/ascii85/ascii85.go b/libgo/go/encoding/ascii85/ascii85.go index 7d004b5..7050227 100644 --- a/libgo/go/encoding/ascii85/ascii85.go +++ b/libgo/go/encoding/ascii85/ascii85.go @@ -57,6 +57,7 @@ func Encode(dst, src []byte) int { if v == 0 && len(src) >= 4 { dst[0] = 'z' dst = dst[1:] + src = src[4:] n++ continue } diff --git a/libgo/go/encoding/ascii85/ascii85_test.go b/libgo/go/encoding/ascii85/ascii85_test.go index 70e67d8..42cf7e8 100644 --- a/libgo/go/encoding/ascii85/ascii85_test.go +++ b/libgo/go/encoding/ascii85/ascii85_test.go @@ -28,6 +28,11 @@ var pairs = []testpair{ "l(DId<j@<?3r@:F%a+D58'ATD4$Bl@l3De:,-DJs`8ARoFb/0JMK@qB4^F!,R<AKZ&-DfTqBG%G\n" + ">uD.RTpAKYo'+CT/5+Cei#DII?(E,9)oF*2M7/c\n", }, + // Special case when shortening !!!!! to z. + { + "\000\000\000\000", + "z", + }, } var bigtest = pairs[len(pairs)-1] diff --git a/libgo/go/encoding/asn1/asn1.go b/libgo/go/encoding/asn1/asn1.go index 3bf81a6..ac2b5f8 100644 --- a/libgo/go/encoding/asn1/asn1.go +++ b/libgo/go/encoding/asn1/asn1.go @@ -377,11 +377,6 @@ func parseTagAndLength(bytes []byte, initOffset int) (ret tagAndLength, offset i } else { // Bottom 7 bits give the number of length bytes to follow. numBytes := int(b & 0x7f) - // We risk overflowing a signed 32-bit number if we accept more than 3 bytes. - if numBytes > 3 { - err = StructuralError{"length too large"} - return - } if numBytes == 0 { err = SyntaxError{"indefinite length found (not DER)"} return @@ -394,8 +389,19 @@ func parseTagAndLength(bytes []byte, initOffset int) (ret tagAndLength, offset i } b = bytes[offset] offset++ + if ret.length >= 1<<23 { + // We can't shift ret.length up without + // overflowing. + err = StructuralError{"length too large"} + return + } ret.length <<= 8 ret.length |= int(b) + if ret.length == 0 { + // DER requires that lengths be minimal. + err = StructuralError{"superfluous leading zeros in length"} + return + } } } diff --git a/libgo/go/encoding/asn1/asn1_test.go b/libgo/go/encoding/asn1/asn1_test.go index 93803f4..eb848bd 100644 --- a/libgo/go/encoding/asn1/asn1_test.go +++ b/libgo/go/encoding/asn1/asn1_test.go @@ -283,6 +283,12 @@ var tagAndLengthData = []tagAndLengthTest{ {[]byte{0x00, 0x83, 0x01, 0x00}, false, tagAndLength{}}, {[]byte{0x1f, 0x85}, false, tagAndLength{}}, {[]byte{0x30, 0x80}, false, tagAndLength{}}, + // Superfluous zeros in the length should be an error. + {[]byte{0xa0, 0x82, 0x00, 0x01}, false, tagAndLength{}}, + // Lengths up to the maximum size of an int should work. + {[]byte{0xa0, 0x84, 0x7f, 0xff, 0xff, 0xff}, true, tagAndLength{2, 0, 0x7fffffff, true}}, + // Lengths that would overflow an int should be rejected. + {[]byte{0xa0, 0x84, 0x80, 0x00, 0x00, 0x00}, false, tagAndLength{}}, } func TestParseTagAndLength(t *testing.T) { diff --git a/libgo/go/encoding/base64/base64.go b/libgo/go/encoding/base64/base64.go index 55f9f67..f8a51a4e 100644 --- a/libgo/go/encoding/base64/base64.go +++ b/libgo/go/encoding/base64/base64.go @@ -230,7 +230,12 @@ func (enc *Encoding) decode(dst, src []byte) (n int, end bool, err error) { if in == '=' && j >= 2 && len(src) < 4 { // We've reached the end and there's // padding + if len(src) == 0 && j == 2 { + // not enough padding + return n, false, CorruptInputError(len(osrc)) + } if len(src) > 0 && src[0] != '=' { + // incorrect padding return n, false, CorruptInputError(len(osrc) - len(src) - 1) } dlen = j diff --git a/libgo/go/encoding/base64/base64_test.go b/libgo/go/encoding/base64/base64_test.go index 3e9a843..9c35372 100644 --- a/libgo/go/encoding/base64/base64_test.go +++ b/libgo/go/encoding/base64/base64_test.go @@ -151,6 +151,9 @@ func TestDecodeCorrupt(t *testing.T) { {"AAA=AAAA", 3}, {"AAAAA", 4}, {"AAAAAA", 4}, + {"A=", 1}, + {"AA=", 3}, + {"AAAAAA=", 7}, } for _, e := range examples { diff --git a/libgo/go/encoding/json/encode.go b/libgo/go/encoding/json/encode.go index 14957b8..842672c 100644 --- a/libgo/go/encoding/json/encode.go +++ b/libgo/go/encoding/json/encode.go @@ -17,6 +17,7 @@ import ( "runtime" "sort" "strconv" + "strings" "sync" "unicode" "unicode/utf8" @@ -415,9 +416,11 @@ func isValidTag(s string) bool { return false } for _, c := range s { - switch c { - case '$', '-', '_', '/', '%': - // Acceptable + switch { + case strings.ContainsRune("!#$%&()*+-./:<=>?@[]^_{|}~", c): + // Backslash and quote chars are reserved, but + // otherwise any punctuation chars are allowed + // in a tag name. default: if !unicode.IsLetter(c) && !unicode.IsDigit(c) { return false diff --git a/libgo/go/encoding/json/tagkey_test.go b/libgo/go/encoding/json/tagkey_test.go index bba5730..da8b12b 100644 --- a/libgo/go/encoding/json/tagkey_test.go +++ b/libgo/go/encoding/json/tagkey_test.go @@ -40,6 +40,10 @@ type percentSlashTag struct { V string `json:"text/html%"` // http://golang.org/issue/2718 } +type punctuationTag struct { + V string `json:"!#$%&()*+-./:<=>?@[]^_{|}~"` // http://golang.org/issue/3546 +} + type emptyTag struct { W string } @@ -73,6 +77,7 @@ var structTagObjectKeyTests = []struct { {badFormatTag{"Orfevre"}, "Orfevre", "Y"}, {badCodeTag{"Reliable Man"}, "Reliable Man", "Z"}, {percentSlashTag{"brut"}, "brut", "text/html%"}, + {punctuationTag{"Union Rags"}, "Union Rags", "!#$%&()*+-./:<=>?@[]^_{|}~"}, } func TestStructTagObjectKey(t *testing.T) { diff --git a/libgo/go/encoding/pem/pem.go b/libgo/go/encoding/pem/pem.go index 38afbb4..3c1f5ab 100644 --- a/libgo/go/encoding/pem/pem.go +++ b/libgo/go/encoding/pem/pem.go @@ -28,9 +28,10 @@ type Block struct { } // getLine results the first \r\n or \n delineated line from the given byte -// array. The line does not include the \r\n or \n. The remainder of the byte -// array (also not including the new line bytes) is also returned and this will -// always be smaller than the original argument. +// array. The line does not include trailing whitespace or the trailing new +// line bytes. The remainder of the byte array (also not including the new line +// bytes) is also returned and this will always be smaller than the original +// argument. func getLine(data []byte) (line, rest []byte) { i := bytes.Index(data, []byte{'\n'}) var j int @@ -43,7 +44,7 @@ func getLine(data []byte) (line, rest []byte) { i-- } } - return data[0:i], data[j:] + return bytes.TrimRight(data[0:i], " \t"), data[j:] } // removeWhitespace returns a copy of its input with all spaces, tab and diff --git a/libgo/go/encoding/pem/pem_test.go b/libgo/go/encoding/pem/pem_test.go index 9ae1578..6133534 100644 --- a/libgo/go/encoding/pem/pem_test.go +++ b/libgo/go/encoding/pem/pem_test.go @@ -127,13 +127,13 @@ Certificate chain -----BEGIN CERTIFICATE----- testing -----BEGIN CERTIFICATE----- ------BEGIN CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIID6TCCA1ICAQEwDQYJKoZIhvcNAQEFBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYD VQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQK -EwtHb29nbGUgSW5jLjEMMAoGA1UECxMDRW5nMQwwCgYDVQQDEwNhZ2wxHTAbBgkq -hkiG9w0BCQEWDmFnbEBnb29nbGUuY29tMB4XDTA5MDkwOTIyMDU0M1oXDTEwMDkw -OTIyMDU0M1owajELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAf -BgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEjMCEGA1UEAxMaZXVyb3Bh +EwtHb29nbGUgSW5jLjEMMAoGA1UECxMDRW5nMQwwCgYDVQQDEwNhZ2wxHTAbBgkq +hkiG9w0BCQEWDmFnbEBnb29nbGUuY29tMB4XDTA5MDkwOTIyMDU0M1oXDTEwMDkw +OTIyMDU0M1owajELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAf +BgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEjMCEGA1UEAxMaZXVyb3Bh LnNmby5jb3JwLmdvb2dsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQC6pgYt7/EibBDumASF+S0qvqdL/f+nouJw2T1Qc8GmXF/iiUcrsgzh/Fd8 pDhz/T96Qg9IyR4ztuc2MXrmPra+zAuSf5bevFReSqvpIt8Duv0HbDbcqs/XKPfB @@ -149,15 +149,15 @@ Pomjn71GNTtDeWAXibjCgdL6iHACCF6Htbl0zGlG0OAK+bdn0QIDAQABMA0GCSqG SIb3DQEBBQUAA4GBAOKnQDtqBV24vVqvesL5dnmyFpFPXBn3WdFfwD6DzEb21UVG 5krmJiu+ViipORJPGMkgoL6BjU21XI95VQbun5P8vvg8Z+FnFsvRFY3e1CCzAVQY ZsUkLw2I7zI/dNlWdB8Xp7v+3w9sX5N3J/WuJ1KOO5m26kRlHQo7EzT3974g ------END CERTIFICATE----- +-----END CERTIFICATE----- 1 s:/C=ZA/O=Ca Inc./CN=CA Inc ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,80C7C7A09690757A - +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,80C7C7A09690757A + eQp5ZkH6CyHBz7BZfUPxyLCCmftsBJ7HlqGb8Ld21cSwnzWZ4/SIlhyrUtsfw7VR -2TTwA+odo9ex7GdxOTaH8oZFumIRoiEjHsk8U7Bhntp+ekkPP79xunnN7hb7hkhr +2TTwA+odo9ex7GdxOTaH8oZFumIRoiEjHsk8U7Bhntp+ekkPP79xunnN7hb7hkhr yGDQZgA7s2cQHQ71v3gwT2BACAft26jCjbM1wgNzBnJ8M0Rzn68YWqaPtdBu8qb/ zVR5JB1mnqvTSbFsfF5yMc6o2WQ9jJCl6KypnMl+BpL+dlvdjYVK4l9lYsB1Hs3d +zDBbWxos818zzhS8/y6eIfiSG27cqrbhURbmgiSfDXjncK4m/pLcQ7mmBL6mFOr diff --git a/libgo/go/flag/flag.go b/libgo/go/flag/flag.go index c28d0e7..f0842a1 100644 --- a/libgo/go/flag/flag.go +++ b/libgo/go/flag/flag.go @@ -7,9 +7,11 @@ Usage: - Define flags using flag.String(), Bool(), Int(), etc. Example: + Define flags using flag.String(), Bool(), Int(), etc. + + This declares an integer flag, -flagname, stored in the pointer ip, with type *int. import "flag" - var ip *int = flag.Int("flagname", 1234, "help message for flagname") + var ip = flag.Int("flagname", 1234, "help message for flagname") If you like, you can bind the flag to a variable using the Var() functions. var flagvar int func init() { @@ -26,8 +28,8 @@ Flags may then be used directly. If you're using the flags themselves, they are all pointers; if you bind to variables, they're values. - fmt.Println("ip has value ", *ip); - fmt.Println("flagvar has value ", flagvar); + fmt.Println("ip has value ", *ip) + fmt.Println("flagvar has value ", flagvar) After parsing, the arguments after the flag are available as the slice flag.Args() or individually as flag.Arg(i). diff --git a/libgo/go/fmt/fmt_test.go b/libgo/go/fmt/fmt_test.go index e0c587a..500a459 100644 --- a/libgo/go/fmt/fmt_test.go +++ b/libgo/go/fmt/fmt_test.go @@ -461,6 +461,9 @@ var fmttests = []struct { // zero reflect.Value, which formats as <nil>. // This test is just to check that it shows the two NaNs at all. {"%v", map[float64]int{math.NaN(): 1, math.NaN(): 2}, "map[NaN:<nil> NaN:<nil>]"}, + + // Used to crash because nByte didn't allow for a sign. + {"%b", int64(-1 << 63), "-1000000000000000000000000000000000000000000000000000000000000000"}, } func TestSprintf(t *testing.T) { diff --git a/libgo/go/fmt/format.go b/libgo/go/fmt/format.go index 2186f33..caf900d 100644 --- a/libgo/go/fmt/format.go +++ b/libgo/go/fmt/format.go @@ -10,7 +10,7 @@ import ( ) const ( - nByte = 64 + nByte = 65 // %b of an int64, plus a sign. ldigits = "0123456789abcdef" udigits = "0123456789ABCDEF" diff --git a/libgo/go/html/escape.go b/libgo/go/html/escape.go index fee771a..24cb7af 100644 --- a/libgo/go/html/escape.go +++ b/libgo/go/html/escape.go @@ -210,13 +210,15 @@ func escape(w writer, s string) error { case '&': esc = "&" case '\'': - esc = "'" + // "'" is shorter than "'" and apos was not in HTML until HTML5. + esc = "'" case '<': esc = "<" case '>': esc = ">" case '"': - esc = """ + // """ is shorter than """. + esc = """ default: panic("unrecognized escape character") } @@ -231,7 +233,7 @@ func escape(w writer, s string) error { } // EscapeString escapes special characters like "<" to become "<". It -// escapes only five such characters: amp, apos, lt, gt and quot. +// escapes only five such characters: <, >, &, ' and ". // UnescapeString(EscapeString(s)) == s always holds, but the converse isn't // always true. func EscapeString(s string) string { diff --git a/libgo/go/mime/mediatype.go b/libgo/go/mime/mediatype.go index 9398dec..8396c0a 100644 --- a/libgo/go/mime/mediatype.go +++ b/libgo/go/mime/mediatype.go @@ -99,7 +99,7 @@ func ParseMediaType(v string) (mediatype string, params map[string]string, err e err = checkMediaTypeDisposition(mediatype) if err != nil { - return + return "", nil, err } params = make(map[string]string) diff --git a/libgo/go/mime/mediatype_test.go b/libgo/go/mime/mediatype_test.go index 64ab291..e41ead2 100644 --- a/libgo/go/mime/mediatype_test.go +++ b/libgo/go/mime/mediatype_test.go @@ -244,13 +244,33 @@ func TestParseMediaType(t *testing.T) { } } +type badMediaTypeTest struct { + in string + err string +} + +var badMediaTypeTests = []badMediaTypeTest{ + {"bogus ;=========", "mime: invalid media parameter"}, + {"bogus/<script>alert</script>", "mime: expected token after slash"}, + {"bogus/bogus<script>alert</script>", "mime: unexpected content after media subtype"}, +} + func TestParseMediaTypeBogus(t *testing.T) { - mt, params, err := ParseMediaType("bogus ;=========") - if err == nil { - t.Fatalf("expected an error parsing invalid media type; got type %q, params %#v", mt, params) - } - if err.Error() != "mime: invalid media parameter" { - t.Errorf("expected invalid media parameter; got error %q", err) + for _, tt := range badMediaTypeTests { + mt, params, err := ParseMediaType(tt.in) + if err == nil { + t.Errorf("ParseMediaType(%q) = nil error; want parse error", tt.in) + continue + } + if err.Error() != tt.err { + t.Errorf("ParseMediaType(%q) = err %q; want %q", tt.in, err.Error(), tt.err) + } + if params != nil { + t.Errorf("ParseMediaType(%q): got non-nil params on error", tt.in) + } + if mt != "" { + t.Errorf("ParseMediaType(%q): got non-empty media type string on error", tt.in) + } } } diff --git a/libgo/go/mime/multipart/multipart.go b/libgo/go/mime/multipart/multipart.go index d733130..6ace4be 100644 --- a/libgo/go/mime/multipart/multipart.go +++ b/libgo/go/mime/multipart/multipart.go @@ -185,6 +185,14 @@ func (r *Reader) NextPart() (*Part, error) { expectNewPart := false for { line, err := r.bufReader.ReadSlice('\n') + if err == io.EOF && bytes.Equal(line, r.dashBoundaryDash) { + // If the buffer ends in "--boundary--" without the + // trailing "\r\n", ReadSlice will return an error + // (since it's missing the '\n'), but this is a valid + // multipart EOF so we need to return io.EOF instead of + // a fmt-wrapped one. + return nil, io.EOF + } if err != nil { return nil, fmt.Errorf("multipart: NextPart: %v", err) } diff --git a/libgo/go/mime/multipart/multipart_test.go b/libgo/go/mime/multipart/multipart_test.go index 89ff5e4..ca7108d 100644 --- a/libgo/go/mime/multipart/multipart_test.go +++ b/libgo/go/mime/multipart/multipart_test.go @@ -10,6 +10,7 @@ import ( "fmt" "io" "io/ioutil" + "os" "strings" "testing" ) @@ -377,3 +378,52 @@ func TestLineContinuation(t *testing.T) { } } } + +// Test parsing an image attachment from gmail, which previously failed. +func TestNested(t *testing.T) { + // nested-mime is the body part of a multipart/mixed email + // with boundary e89a8ff1c1e83553e304be640612 + f, err := os.Open("testdata/nested-mime") + if err != nil { + t.Fatal(err) + } + defer f.Close() + mr := NewReader(f, "e89a8ff1c1e83553e304be640612") + p, err := mr.NextPart() + if err != nil { + t.Fatalf("error reading first section (alternative): %v", err) + } + + // Read the inner text/plain and text/html sections of the multipart/alternative. + mr2 := NewReader(p, "e89a8ff1c1e83553e004be640610") + p, err = mr2.NextPart() + if err != nil { + t.Fatalf("reading text/plain part: %v", err) + } + if b, err := ioutil.ReadAll(p); string(b) != "*body*\r\n" || err != nil { + t.Fatalf("reading text/plain part: got %q, %v", b, err) + } + p, err = mr2.NextPart() + if err != nil { + t.Fatalf("reading text/html part: %v", err) + } + if b, err := ioutil.ReadAll(p); string(b) != "<b>body</b>\r\n" || err != nil { + t.Fatalf("reading text/html part: got %q, %v", b, err) + } + + p, err = mr2.NextPart() + if err != io.EOF { + t.Fatalf("final inner NextPart = %v; want io.EOF", err) + } + + // Back to the outer multipart/mixed, reading the image attachment. + _, err = mr.NextPart() + if err != nil { + t.Fatalf("error reading the image attachment at the end: %v", err) + } + + _, err = mr.NextPart() + if err != io.EOF { + t.Fatalf("final outer NextPart = %v; want io.EOF", err) + } +} diff --git a/libgo/go/mime/multipart/testdata/nested-mime b/libgo/go/mime/multipart/testdata/nested-mime new file mode 100644 index 0000000..71c238e --- /dev/null +++ b/libgo/go/mime/multipart/testdata/nested-mime @@ -0,0 +1,29 @@ +--e89a8ff1c1e83553e304be640612
+Content-Type: multipart/alternative; boundary=e89a8ff1c1e83553e004be640610
+
+--e89a8ff1c1e83553e004be640610
+Content-Type: text/plain; charset=UTF-8
+
+*body*
+
+--e89a8ff1c1e83553e004be640610
+Content-Type: text/html; charset=UTF-8
+
+<b>body</b>
+
+--e89a8ff1c1e83553e004be640610--
+--e89a8ff1c1e83553e304be640612
+Content-Type: image/png; name="x.png"
+Content-Disposition: attachment;
+ filename="x.png"
+Content-Transfer-Encoding: base64
+X-Attachment-Id: f_h1edgigu0
+
+iVBORw0KGgoAAAANSUhEUgAAAagAAADrCAIAAACza5XhAAAKMWlDQ1BJQ0MgUHJvZmlsZQAASImd
+lndUU9kWh8+9N71QkhCKlNBraFICSA29SJEuKjEJEErAkAAiNkRUcERRkaYIMijggKNDkbEiioUB
+8b2kqeGaj4aTNftesu5mob4pr07ecMywRwLBvDCJOksqlUyldAZD7g9fxIZRWWPMvXRNJROJRBIG
+Y7Vx0mva1HAwYqibdKONXye3dW4iUonhWFJnqK7OaanU1gGkErFYEgaj0cg8wK+zVPh2ziwnHy07
+U8lYTNapezSzOuevRwLB7CFkqQQCwaJDiBQIBIJFhwh8AoFg0SHUqQUCASRJKkwkhMy/JfODWPEJ
+BIJFhwh8AoFg0TFnQqQ55GtPFopcJsN97e1nYtNuIBYeGBgYCmYrmE3jZ05iaGAoMX0xzxkWz6Hv
+yO7WvrlwzA0uLzrD+VkKqViwl9IfTBVNFMyc/x9alloiPPlqhQAAAABJRU5ErkJggg==
+--e89a8ff1c1e83553e304be640612--
diff --git a/libgo/go/net/http/example_test.go b/libgo/go/net/http/example_test.go index 2584afc..ec81440 100644 --- a/libgo/go/net/http/example_test.go +++ b/libgo/go/net/http/example_test.go @@ -49,3 +49,8 @@ func ExampleGet() { res.Body.Close() fmt.Printf("%s", robots) } + +func ExampleFileServer() { + // we use StripPrefix so that /tmpfiles/somefile will access /tmp/somefile + http.Handle("/tmpfiles/", http.StripPrefix("/tmpfiles/", http.FileServer(http.Dir("/tmp")))) +} diff --git a/libgo/go/net/http/server.go b/libgo/go/net/http/server.go index 228ac40..924ffd3 100644 --- a/libgo/go/net/http/server.go +++ b/libgo/go/net/http/server.go @@ -785,8 +785,10 @@ var htmlReplacer = strings.NewReplacer( "&", "&", "<", "<", ">", ">", - `"`, """, - "'", "'", + // """ is shorter than """. + `"`, """, + // "'" is shorter than "'" and apos was not in HTML until HTML5. + "'", "'", ) func htmlEscape(s string) string { diff --git a/libgo/go/net/iprawsock_posix.go b/libgo/go/net/iprawsock_posix.go index 6bbe67c..9fc7ecd 100644 --- a/libgo/go/net/iprawsock_posix.go +++ b/libgo/go/net/iprawsock_posix.go @@ -83,9 +83,7 @@ func (c *IPConn) Close() error { if !c.ok() { return syscall.EINVAL } - err := c.fd.Close() - c.fd = nil - return err + return c.fd.Close() } // LocalAddr returns the local network address. diff --git a/libgo/go/net/tcpsock_posix.go b/libgo/go/net/tcpsock_posix.go index 15f8efd..e6b1937 100644 --- a/libgo/go/net/tcpsock_posix.go +++ b/libgo/go/net/tcpsock_posix.go @@ -108,9 +108,7 @@ func (c *TCPConn) Close() error { if !c.ok() { return syscall.EINVAL } - err := c.fd.Close() - c.fd = nil - return err + return c.fd.Close() } // CloseRead shuts down the reading side of the TCP connection. @@ -359,5 +357,5 @@ func (l *TCPListener) SetDeadline(t time.Time) error { // File returns a copy of the underlying os.File, set to blocking mode. // It is the caller's responsibility to close f when finished. -// Closing c does not affect f, and closing f does not affect c. +// Closing l does not affect f, and closing f does not affect l. func (l *TCPListener) File() (f *os.File, err error) { return l.fd.dup() } diff --git a/libgo/go/net/udpsock_posix.go b/libgo/go/net/udpsock_posix.go index 9e820e1..9c6b6d3 100644 --- a/libgo/go/net/udpsock_posix.go +++ b/libgo/go/net/udpsock_posix.go @@ -88,9 +88,7 @@ func (c *UDPConn) Close() error { if !c.ok() { return syscall.EINVAL } - err := c.fd.Close() - c.fd = nil - return err + return c.fd.Close() } // LocalAddr returns the local network address. diff --git a/libgo/go/net/unixsock_posix.go b/libgo/go/net/unixsock_posix.go index 37a2b1e..57d784c 100644 --- a/libgo/go/net/unixsock_posix.go +++ b/libgo/go/net/unixsock_posix.go @@ -141,9 +141,7 @@ func (c *UnixConn) Close() error { if !c.ok() { return syscall.EINVAL } - err := c.fd.Close() - c.fd = nil - return err + return c.fd.Close() } // LocalAddr returns the local network address, a *UnixAddr. @@ -406,7 +404,7 @@ func (l *UnixListener) SetDeadline(t time.Time) (err error) { // File returns a copy of the underlying os.File, set to blocking mode. // It is the caller's responsibility to close f when finished. -// Closing c does not affect f, and closing f does not affect c. +// Closing l does not affect f, and closing f does not affect l. func (l *UnixListener) File() (f *os.File, err error) { return l.fd.dup() } // ListenUnixgram listens for incoming Unix datagram packets addressed to the diff --git a/libgo/go/net/url/url.go b/libgo/go/net/url/url.go index 88ff7eb..b6e79ad 100644 --- a/libgo/go/net/url/url.go +++ b/libgo/go/net/url/url.go @@ -61,16 +61,16 @@ func (e EscapeError) Error() string { } // Return true if the specified character should be escaped when -// appearing in a URL string, according to RFC 2396. +// appearing in a URL string, according to RFC 3986. // When 'all' is true the full range of reserved characters are matched. func shouldEscape(c byte, mode encoding) bool { - // RFC 2396 §2.3 Unreserved characters (alphanum) + // §2.3 Unreserved characters (alphanum) if 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z' || '0' <= c && c <= '9' { return false } - // TODO: Update the character sets after RFC 3986. + switch c { - case '-', '_', '.', '!', '~', '*', '\'', '(', ')': // §2.3 Unreserved characters (mark) + case '-', '_', '.', '~': // §2.3 Unreserved characters (mark) return false case '$', '&', '+', ',', '/', ':', ';', '=', '?', '@': // §2.2 Reserved characters (reserved) diff --git a/libgo/go/net/url/url_test.go b/libgo/go/net/url/url_test.go index 2d911ed..d8b2531 100644 --- a/libgo/go/net/url/url_test.go +++ b/libgo/go/net/url/url_test.go @@ -394,8 +394,8 @@ var escapeTests = []EscapeTest{ nil, }, { - " ?&=#+%!<>#\"{}|\\^[]`☺\t", - "+%3F%26%3D%23%2B%25!%3C%3E%23%22%7B%7D%7C%5C%5E%5B%5D%60%E2%98%BA%09", + " ?&=#+%!<>#\"{}|\\^[]`☺\t:/@$'()*,;", + "+%3F%26%3D%23%2B%25%21%3C%3E%23%22%7B%7D%7C%5C%5E%5B%5D%60%E2%98%BA%09%3A%2F%40%24%27%28%29%2A%2C%3B", nil, }, } diff --git a/libgo/go/os/error_windows.go b/libgo/go/os/error_windows.go index 5d692b0..fbb0d4f3 100644 --- a/libgo/go/os/error_windows.go +++ b/libgo/go/os/error_windows.go @@ -26,5 +26,5 @@ func isPermission(err error) bool { if pe, ok := err.(*PathError); ok { err = pe.Err } - return err == ErrPermission + return err == syscall.ERROR_ACCESS_DENIED || err == ErrPermission } diff --git a/libgo/go/path/filepath/path.go b/libgo/go/path/filepath/path.go index 1e74872..a4e429b 100644 --- a/libgo/go/path/filepath/path.go +++ b/libgo/go/path/filepath/path.go @@ -30,6 +30,9 @@ const ( // that is, replace "/.." by "/" at the beginning of a path, // assuming Separator is '/'. // +// The returned path ends in a slash only if it represents a root directory, +// such as "/" on Unix or `C:\` on Windows. +// // If the result of this process is an empty string, Clean // returns the string ".". // diff --git a/libgo/go/path/path.go b/libgo/go/path/path.go index 13abed0..a7e0415 100644 --- a/libgo/go/path/path.go +++ b/libgo/go/path/path.go @@ -21,6 +21,8 @@ import ( // 4. Eliminate .. elements that begin a rooted path: // that is, replace "/.." by "/" at the beginning of a path. // +// The returned path ends in a slash only if it is the root "/". +// // If the result of this process is an empty string, Clean // returns the string ".". // diff --git a/libgo/go/reflect/all_test.go b/libgo/go/reflect/all_test.go index 56744a5..c35dc26 100644 --- a/libgo/go/reflect/all_test.go +++ b/libgo/go/reflect/all_test.go @@ -638,6 +638,7 @@ var ( var deepEqualTests = []DeepEqualTest{ // Equalities + {nil, nil, true}, {1, 1, true}, {int32(1), int32(1), true}, {0.5, 0.5, true}, @@ -696,6 +697,10 @@ func TestDeepEqual(t *testing.T) { } func TestTypeOf(t *testing.T) { + // Special case for nil + if typ := TypeOf(nil); typ != nil { + t.Errorf("expected nil type for nil value; got %v", typ) + } for _, test := range deepEqualTests { v := ValueOf(test.a) if !v.IsValid() { diff --git a/libgo/go/reflect/type.go b/libgo/go/reflect/type.go index 7fe18a9..4999824 100644 --- a/libgo/go/reflect/type.go +++ b/libgo/go/reflect/type.go @@ -970,6 +970,7 @@ func toType(p *runtimeType) Type { } // TypeOf returns the reflection Type of the value in the interface{}. +// TypeOf(nil) returns nil. func TypeOf(i interface{}) Type { eface := *(*emptyInterface)(unsafe.Pointer(&i)) return toType(eface.typ) diff --git a/libgo/go/runtime/extern.go b/libgo/go/runtime/extern.go index 2c097b0..659c8f44 100644 --- a/libgo/go/runtime/extern.go +++ b/libgo/go/runtime/extern.go @@ -20,7 +20,8 @@ func Goexit() // Caller reports file and line number information about function invocations on // the calling goroutine's stack. The argument skip is the number of stack frames -// to ascend, with 0 identifying the caller of Caller. The return values report the +// to ascend, with 1 identifying the caller of Caller. (For historical reasons the +// meaning of skip differs between Caller and Callers.) The return values report the // program counter, file name, and line number within the file of the corresponding // call. The boolean ok is false if it was not possible to recover the information. func Caller(skip int) (pc uintptr, file string, line int, ok bool) diff --git a/libgo/go/text/template/exec.go b/libgo/go/text/template/exec.go index 9a720cf..feb434a 100644 --- a/libgo/go/text/template/exec.go +++ b/libgo/go/text/template/exec.go @@ -491,7 +491,11 @@ func (s *state) evalCall(dot, fun reflect.Value, name string, args []parse.Node, } // Add final value if necessary. if final.IsValid() { - argv[i] = final + t := typ.In(typ.NumIn() - 1) + if typ.IsVariadic() { + t = t.Elem() + } + argv[i] = s.validateType(final, t) } result := fun.Call(argv) // If we have an error that is not nil, stop execution and return that error to the caller. @@ -507,6 +511,7 @@ func (s *state) validateType(value reflect.Value, typ reflect.Type) reflect.Valu switch typ.Kind() { case reflect.Interface, reflect.Ptr, reflect.Chan, reflect.Map, reflect.Slice, reflect.Func: // An untyped nil interface{}. Accept as a proper nil value. + // TODO: Can we delete the other types in this list? Should we? value = reflect.Zero(typ) default: s.errorf("invalid value; expected %s", typ) diff --git a/libgo/go/text/template/exec_test.go b/libgo/go/text/template/exec_test.go index 5446027..37d25f4 100644 --- a/libgo/go/text/template/exec_test.go +++ b/libgo/go/text/template/exec_test.go @@ -470,6 +470,9 @@ var execTests = []execTest{ {"bug7a", "{{3 2}}", "", tVal, false}, {"bug7b", "{{$x := 1}}{{$x 2}}", "", tVal, false}, {"bug7c", "{{$x := 1}}{{3 | $x}}", "", tVal, false}, + // Pipelined arg was not being type-checked. + {"bug8a", "{{3|oneArg}}", "", tVal, false}, + {"bug8b", "{{4|dddArg 3}}", "", tVal, false}, } func zeroArgs() string { @@ -480,6 +483,10 @@ func oneArg(a string) string { return "oneArg=" + a } +func dddArg(a int, b ...string) string { + return fmt.Sprintln(a, b) +} + // count returns a channel that will deliver n sequential 1-letter strings starting at "a" func count(n int) chan string { if n == 0 { @@ -504,6 +511,7 @@ func testExecute(execTests []execTest, template *Template, t *testing.T) { b := new(bytes.Buffer) funcs := FuncMap{ "count": count, + "dddArg": dddArg, "oneArg": oneArg, "typeOf": typeOf, "vfunc": vfunc, diff --git a/libgo/go/text/template/funcs.go b/libgo/go/text/template/funcs.go index 525179c..8fbf0ef 100644 --- a/libgo/go/text/template/funcs.go +++ b/libgo/go/text/template/funcs.go @@ -246,7 +246,7 @@ func not(arg interface{}) (truth bool) { var ( htmlQuot = []byte(""") // shorter than """ - htmlApos = []byte("'") // shorter than "'" + htmlApos = []byte("'") // shorter than "'" and apos was not in HTML until HTML5 htmlAmp = []byte("&") htmlLt = []byte("<") htmlGt = []byte(">") diff --git a/libgo/go/time/format.go b/libgo/go/time/format.go index ad52bab..efca3a9 100644 --- a/libgo/go/time/format.go +++ b/libgo/go/time/format.go @@ -41,8 +41,8 @@ const ( ANSIC = "Mon Jan _2 15:04:05 2006" UnixDate = "Mon Jan _2 15:04:05 MST 2006" RubyDate = "Mon Jan 02 15:04:05 -0700 2006" - RFC822 = "02 Jan 06 1504 MST" - RFC822Z = "02 Jan 06 1504 -0700" // RFC822 with numeric zone + RFC822 = "02 Jan 06 15:04 MST" + RFC822Z = "02 Jan 06 15:04 -0700" // RFC822 with numeric zone RFC850 = "Monday, 02-Jan-06 15:04:05 MST" RFC1123 = "Mon, 02 Jan 2006 15:04:05 MST" RFC1123Z = "Mon, 02 Jan 2006 15:04:05 -0700" // RFC1123 with numeric zone @@ -714,7 +714,7 @@ func Parse(layout, value string) (Time, error) { } // Special case: do we have a fractional second but no // fractional second in the format? - if len(value) > 2 && value[0] == '.' && isDigit(value, 1) { + if len(value) >= 2 && value[0] == '.' && isDigit(value, 1) { _, std, _ := nextStdChunk(layout) if len(std) > 0 && std[0] == '.' && isDigit(std, 1) { // Fractional second in the layout; proceed normally diff --git a/libgo/go/time/time.go b/libgo/go/time/time.go index 473bc2a..2461dac 100644 --- a/libgo/go/time/time.go +++ b/libgo/go/time/time.go @@ -403,7 +403,7 @@ const ( Hour = 60 * Minute ) -// Duration returns a string representing the duration in the form "72h3m0.5s". +// String returns a string representing the duration in the form "72h3m0.5s". // Leading zero units are omitted. As a special case, durations less than one // second format use a smaller unit (milli-, micro-, or nanoseconds) to ensure // that the leading digit is non-zero. The zero duration formats as 0, @@ -763,7 +763,9 @@ func (t Time) Unix() int64 { } // UnixNano returns t as a Unix time, the number of nanoseconds elapsed -// since January 1, 1970 UTC. +// since January 1, 1970 UTC. The result is undefined if the Unix time +// in nanoseconds cannot be represented by an int64. Note that this +// means the result of calling UnixNano on the zero Time is undefined. func (t Time) UnixNano() int64 { return (t.sec+internalToUnix)*1e9 + int64(t.nsec) } diff --git a/libgo/go/time/time_test.go b/libgo/go/time/time_test.go index e1a75e4..c48e0a4 100644 --- a/libgo/go/time/time_test.go +++ b/libgo/go/time/time_test.go @@ -223,7 +223,7 @@ var formatTests = []FormatTest{ {"ANSIC", ANSIC, "Wed Feb 4 21:00:57 2009"}, {"UnixDate", UnixDate, "Wed Feb 4 21:00:57 PST 2009"}, {"RubyDate", RubyDate, "Wed Feb 04 21:00:57 -0800 2009"}, - {"RFC822", RFC822, "04 Feb 09 2100 PST"}, + {"RFC822", RFC822, "04 Feb 09 21:00 PST"}, {"RFC850", RFC850, "Wednesday, 04-Feb-09 21:00:57 PST"}, {"RFC1123", RFC1123, "Wed, 04 Feb 2009 21:00:57 PST"}, {"RFC1123Z", RFC1123Z, "Wed, 04 Feb 2009 21:00:57 -0800"}, @@ -310,6 +310,7 @@ var parseTests = []ParseTest{ {"RFC1123", RFC1123, "Thu, 04 Feb 2010 21:00:57.01234 PST", true, true, 1, 5}, {"RFC1123Z", RFC1123Z, "Thu, 04 Feb 2010 21:00:57.01234 -0800", true, true, 1, 5}, {"RFC3339", RFC3339, "2010-02-04T21:00:57.012345678-08:00", true, false, 1, 9}, + {"custom: \"2006-01-02 15:04:05\"", "2006-01-02 15:04:05", "2010-02-04 21:00:57.0", false, false, 1, 0}, // Amount of white space should not matter. {"ANSIC", ANSIC, "Thu Feb 4 21:00:57 2010", false, true, 1, 0}, {"ANSIC", ANSIC, "Thu Feb 4 21:00:57 2010", false, true, 1, 0}, diff --git a/libgo/go/time/zoneinfo_windows.go b/libgo/go/time/zoneinfo_windows.go index 754e392..d596fab 100644 --- a/libgo/go/time/zoneinfo_windows.go +++ b/libgo/go/time/zoneinfo_windows.go @@ -83,6 +83,9 @@ func initLocalFromTZI(i *syscall.Timezoneinformation) { l.cacheStart = -1 << 63 l.cacheEnd = 1<<63 - 1 l.cacheZone = std + l.tx = make([]zoneTrans, 1) + l.tx[0].when = l.cacheStart + l.tx[0].index = 0 return } |