Skip to content

net/http: invalid RAR sniff signature from the MIME Sniff spec #30926

New issue
New issue
Closed
Closed
net/http: invalid RAR sniff signature from the MIME Sniff spec#30926
Labels
FrozenDueToAge
Milestone
 
Go1.13
@odeke-em

Description

@odeke-em
odeke-em
opened on Mar 19, 2019

I am coming here from CL https://go-review.googlesource.com/c/go/+/167781 created by @cuonglm's vigilance.

In particular it uses a wrong character for the 4th byte i.e.
0x20 " " for both RAR v5 and RAR v4 instead of 0x21 "!"

as per

go/src/net/http/sniff.go

Lines 188 to 189 in faa7fa0

&exactSig{[]byte("Rar \x1A\x07\x00"), "application/x-rar-compressed"}, // RAR v1.5-v4.0
&exactSig{[]byte("Rar \x1A\x07\x01\x00"), "application/x-rar-compressed"}, // RAR v5+

The sniff signature that we got from the MIME sniff spec is wrong and that's acknowledged at
whatwg/mimesniff#63
but also the official RAR Labs website shows the correct signature as
https://www.rarlab.com/technote.htm#rarsign

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAge

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions