Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upx/net/idna: ToASCII() mangles long strings #28233
Open
Labels
Milestone
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (
go env
)?What did you do?
Contrived test case:
What did you expect to see?
An error from
idna.ToASCII()
or the output that python3's punycode encoder produces.What did you see instead?
The overflow check here does not seem to catch the case where the wraparound is big enough that
delta + (m - n) * (h + 1) >= 0
.In the test case, it's
0 + (65535 - 128) * (65665 + 1) == 4295016062 % 2**32 == 48766
.Either the input should be rejected (reasonable, many other punycode encoders do) or it should use int64 arithmetic, like python3 does. Python may be an outlier; I'm not aware of other encoders that behave like that.