diff options
| author | Damien Neil <dneil@google.com> | 2024-01-11 11:31:57 -0800 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2024-03-05 18:31:54 +0000 |
| commit | 821bf37819ec170cadbc9e44a7471f7613611c41 (patch) | |
| tree | 7eb97716b462b9e3ee1f080f3d791c696ba8a041 /src/database/sql | |
| parent | afb105056dc62b3f2f569341a9fff080023ee812 (diff) | |
| download | go-821bf37819ec170cadbc9e44a7471f7613611c41.tar.xz | |
net/http, net/http/cookiejar: avoid subdomain matches on IPv6 zones
When deciding whether to forward cookies or sensitive headers
across a redirect, do not attempt to interpret an IPv6 address
as a domain name.
Avoids a case where a maliciously-crafted redirect to an
IPv6 address with a scoped addressing zone could be
misinterpreted as a within-domain redirect. For example,
we could interpret "::1%.www.example.com" as a subdomain
of "www.example.com".
Thanks to Juho Nurminen of Mattermost for reporting this issue.
Fixes CVE-2023-45289
Fixes #65065
Change-Id: I8f463f59f0e700c8a18733d2b264a8bcb3a19599
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2131938
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/569340
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Diffstat (limited to 'src/database/sql')
0 files changed, 0 insertions, 0 deletions