Previously, if an http.Handler didn't fully consume a
Request.Body before returning and the request and the response
from the handler indicated no reason to close the connection,
the server would read an unbounded amount of the request's
unread body to advance past the request message to find the
next request's header. That was a potential DoS.
With this CL there's a threshold under which we read
(currently 256KB) in order to keep the connection in
keep-alive mode, but once we hit that, we instead
switch into a "Connection: close" response and don't
read the request body.
Fixes#2093 (along with number of earlier CLs)
R=golang-dev, dsymonds
CC=golang-dev
https://golang.org/cl/5268043
The current code will panic if an invalid
request (one with a nil URL) is passed to
the doFollowingRedirects function.
Also, remove a redundant nil Header check.
R=bradfitz
CC=golang-dev
https://golang.org/cl/5270046
When xml.Marshal is called on a struct it will happily
reflect the information in the "tag" of an XMLName member
regardless of the type to give the struct a tag-name in
it's XML form. This is backed up by the documentation which
says:
However xml.Unmarshal *does* care about the XMLName field
being of type xml.Name, and currently returns the error
"field XMLName does not have type xml.Name" if you have it
set to something else.
This is firstly inconsistant with xml.Marshal but it also
makes it impossible to use xml.Marshal alongside other
Marshallers (like json/bson) without poluting the state's
namespace with XMLName fields. Inorder to exclude fields
from other Marshallers the convention has been started to
tag fields as "omitempty"; which will cause the field not
to display if it is at it's "zero" state, XMLName cannot
have such as zero-state since it is a struct, so it is nicer
to use a pointer/bool value for XMLName so it can be easily
excluded when I want to Marshal my struct by some other
wire format.
Attached is the proposed minor change, that simply stops
erring if it can't set the name on the XMLName field, which
is just optional metadata anyway.
Fixes#2265.
R=rsc
CC=golang-dev
https://golang.org/cl/5067044
Apparently some versions of bash do the ||exit implicitly
when in set -e mode, but others do not. ???
R=gri
CC=golang-dev
https://golang.org/cl/5285043
We also have functions for dealing with PKCS#1 private keys. This
change adds functions for PKIX /public/ keys. Most of the time one
won't be parsing them because they usually come in certificates, but
marshaling them happens and I've previously copied the code from
x509.go for this.
R=bradfitz, rsc
CC=golang-dev
https://golang.org/cl/5286042
X509 names, like everything else X509, are ludicrously general. This
change keeps the raw version of the subject and issuer around for
matching. Since certificates use a distinguished encoding, comparing
the encoding is the same as comparing the values directly. This came
up recently when parsing the NSS built-in certificates which use the
raw subject and issuer for matching trust records to certificates.
R=bradfitz
CC=golang-dev
https://golang.org/cl/5275047
Firefox Websocket implementation send a "Connection: keep-alive, upgrade"
header during the handshake (and as descripted on the last hybi draft
the "Connection" header must include, but doesn't need to be equal to,
"upgrade":
'4. A "Connection" header field that includes the token "Upgrade",
treated as an ASCII case-insensitive value.'
From:
http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-17#page-23
R=golang-dev, ukai, cw, rsc
CC=golang-dev
https://golang.org/cl/5233059
Adjust goyacc.go to produce code that is gofmt-compliant whenever it is easy to do so. Also changed two lines in cpyact that appeared to be bugs.
Also updated units.y to remove a few other errors.
After this change, units.go has only two style errors: an extra newline at the top of the file, and yys misaligned in yySymType.
R=rsc
CC=golang-dev
https://golang.org/cl/5265047
Notably, the "data" argument should be nil if no options are
given, or (at least) the cgroup filesystem will refuse to
mount.
R=bradfitz, rsc
CC=golang-dev
https://golang.org/cl/5147047
Previously, the tokenizer made two passes per token. The first pass
established the token boundary. The second pass picked out the tag name
and attributes inside that boundary. This was problematic when the two
passes disagreed. For example, "<p id=can't><p id=won't>" caused an
infinite loop because the first pass skipped everything inside the
single quotes, and recognized only one token, but the second pass never
got past the first '>'.
This change rewrites the tokenizer to use one pass, accumulating the
boundary points of token text, tag names, attribute keys and attribute
values as it looks for the token endpoint.
It should still be reasonably efficient: text, names, keys and values
are not lower-cased or unescaped (and converted from []byte to string)
until asked for.
One of the token_test test cases was fixed to be consistent with
html5lib. Three more test cases were temporarily disabled, and will be
re-enabled in a follow-up CL. All the parse_test test cases pass.
R=andybalholm, gri
CC=golang-dev
https://golang.org/cl/5244061
Also test only specific fixes, not all fixes.
This means we don't have to keep updating old
test cases to match later changes to the library.
I had to adjust some of the reflect test cases,
because they were implicitly testing
reflect+oserrorstring, not just reflect.
R=golang-dev, bradfitz, r
CC=golang-dev
https://golang.org/cl/5283042
On recent Debian systems the gold 2.20 check triggers though
Debian doesn't have version 2.20 but rather has:
GNU gold (GNU Binutils for Debian 2.21.52.20110606) 1.11
^^^^
R=rsc, iant
CC=golang-dev
https://golang.org/cl/5252055
The decompression routine is in its own file because
G3 encoding (which is more complicated) will be put
there.
R=nigeltao
CC=golang-dev
https://golang.org/cl/5177047
(more are possible but omitted for now as they are part of
specific tests where rather than changing what is there we
should probably expand the tests to cover the new case)
R=rsc, dvyukov
CC=golang-dev
https://golang.org/cl/5247058
