Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/net/idna: context validation #30940

Open
elmauromx opened this issue Mar 19, 2019 · 7 comments

Comments

@elmauromx
Copy link

commented Mar 19, 2019

What version of Go are you using (go version)?

$ go version
go version go1.11.5 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env

GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"

What did you do?

I wrote an example to convert a-label to u-label an viceversa and also perform IDNA2008 validation based on the provided a-label.

I checked the results with other IDNA tools and found that with net/idna I am not getting context errors that other libraries are reporting.

Here is the main code of the example:

func main() {
	p = idna.New(
		idna.BidiRule(),
		idna.MapForLookup(),
		idna.StrictDomainName(true),
		idna.Transitional(false),
		idna.ValidateForRegistration(),
		idna.ValidateLabels(true),
		idna.VerifyDNSLength(true))
	alabel := os.Args[1]

	ulabel, error := p.ToUnicode(alabel)
	if error != nil {
		fmt.Printf("Error converting string: %v\n", error)
		os.Exit(1)
	}
	fmt.Println(alabel,ulabel)

	convertedAlabel, error := p.ToASCII(ulabel)
	if error != nil {
		fmt.Printf("Error converting string: %v\n", error)
		os.Exit(1)
	}

	if convertedAlabel != alabel {
		fmt.Printf("Provide a-label doesn't match converted a-label: %v\n", convertedAlabel)
		fmt.Println(convertedAlabel)
		os.Exit(1)
	}

}

Here are some label examples:

xn--diethealth-zp5i
xn--diy-ps4bb
xn--pfs-ps4bb

Can you please confirm if this is missing validation of IDNA2008?

Could it be possible to include one new method/flag to get full IDNA2008 validation with the function?

What did you expect to see?

Here are the errors reported for 2 other idna utilities:

 xn--diethealth-zp5i,string contains a forbidden context-o character,Codepoint U+30FB not allowed at position 5 in 'diet・health'
  xn--diy-ps4bb,string contains a forbidden context-o character,Codepoint U+30FB not allowed at position 2 in 'd・i・y'
  xn--pfs-ps4bb,string contains a forbidden context-o character,Codepoint U+30FB not allowed at position 2 in 'p・f・s'

What did you see instead?

xn--diethealth-zp5i diet・health
xn--diy-ps4bb d・i・y
xn--pfs-ps4bb p・f・s

@mikioh mikioh changed the title net/idna context validation x/net/idna: context validation Mar 20, 2019

@mikioh

This comment has been minimized.

Copy link
Contributor

commented Mar 20, 2019

@elmauromx

This comment has been minimized.

Copy link
Author

commented Mar 21, 2019

I would like to add another case of what appears to be a false negative (xn--03c4b1a). The program is reporting:

Error converting string: idna: invalid label "ิรืเ"

Other IDNA utilities successfully convert a-label to u-label an viceversa

@katiehockman

This comment has been minimized.

Copy link
Contributor

commented Mar 22, 2019

@elmauromx can you confirm that this same issue happens on the latest version of Go? It looks like you are running on go1.11.5.

@elmauromx

This comment has been minimized.

Copy link
Author

commented Mar 22, 2019

@katiehockman . It is the same behavior with go1.12.1 for the first case reported:

$HOME/go/bin/go version
go version go1.12.1 linux/amd64

xn--diethealth-zp5i diet・health
xn--diy-ps4bb d・i・y
xn--pfs-ps4bb p・f・s

For xn--03c4b1a it is working good on the new version:

xn--03c4b1a รืเ

@elmauromx

This comment has been minimized.

Copy link
Author

commented Apr 18, 2019

Hi. Any update on this?

@elmauromx

This comment has been minimized.

Copy link
Author

commented Jul 26, 2019

Is there any update on this? Any plans to fix it?

@katiehockman

This comment has been minimized.

Copy link
Contributor

commented Jul 30, 2019

@mpvl have you had a chance to look into this? Or is there another person that can investigate?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.