Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/net/idna: ToUnicode does not correctly handle labels with mixed/uppercase ACE prefixes #48778

Open
CBonnell opened this issue Oct 4, 2021 · 1 comment

Comments

@CBonnell
Copy link

@CBonnell CBonnell commented Oct 4, 2021

What version of Go are you using (go version)?

go version go1.17.1 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/corey/.cache/go-build"
GOENV="/home/corey/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/corey/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/corey/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17.1"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/mnt/c/Users/corey.bonnell/Documents/github/zlint/v3/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1136496137=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Passing a domain label with a mixed-case (e.g., xN--) or uppercase (XN--) IDNA ACE prefix is not processed by idna.ToUnicode in the same manner as lowercase (xn--). According to Section 2.3.1 of RFC 5890, XN-labels are "the class of labels that begin with the prefix "xn--" (case independent), but otherwise conform to the rules for LDH labels." Given this, it appears that idna.ToUnicode incorrectly uses a case sensitive comparsion when determining whether a label is a XN-label or not.

See https://play.golang.org/p/8Fp648egSFC for a minimal program reproducing the issue.

What did you expect to see?

In the repro linked above, the program should execute successfully to completion (the error in the "Fake A-label", regardless of ACE prefix casing, is correctly returned in both case).

What did you see instead?

For the fake A-label with a mixed case ACE prefix, no error is returned. This is incorrect according to section 2.3.1 of RFC 5890, referenced above.

@mknyszek
Copy link
Contributor

@mknyszek mknyszek commented Oct 4, 2021

CC @neild

Loading

@mknyszek mknyszek added this to the Unreleased milestone Oct 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants