projects / golang-1.7.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 504aba3) | patch
[PATCH] cmd/go: restrict meta imports to valid schemes
authorIan Lance Taylor <iant@golang.org>
Thu, 15 Feb 2018 23:57:13 +0000 (15:57 -0800)
committerSylvain Beucler <beuc@debian.org>
Tue, 26 Apr 2022 17:32:45 +0000 (18:32 +0100)
commit0cc6911d98f8959866f2cfb358e380e5d8fafd7d
tree21df046b8807721b6809b3327f1cb7b05158dcdetree | snapshot
parent504aba366a50f5c2b3b5d91f2e7f45280a0f7424commit | diff
[PATCH] cmd/go: restrict meta imports to valid schemes

Before this change, when using -insecure, we permitted any meta import
repo root as long as it contained "://". When not using -insecure, we
restrict meta import repo roots to be valid URLs. People may depend on
that somehow, so permit meta import repo roots to be invalid URLs, but
require them to have valid schemes per RFC 3986.

Fixes #23867

Change-Id: Iac666dfc75ac321bf8639dda5b0dba7c8840922d
Reviewed-on: https://go-review.googlesource.com/94603
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Gbp-Pq: Name cve-2018-7187.patch
src/cmd/go/vcs.go diff | blob | history
src/cmd/go/vcs_test.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.