Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
To prevent TOCTOU attacks, use checked IP addr directly for connections #1
Checking a connecting host in http.Transport is vulnerable for TOCTOU attacks. This p-r fixes it by checking hosts and uses resolved addrs at dialing.
I want to thank @kazuho for pointing this out (https://twitter.com/kazuho/status/628741345801154562).