net/http: fix wrong mime rar signature

MIME sniffing standard defines the RAR signature as 52 61 72 20 1A 07 00. But this signature is wrong, the RARlab spec defines the 4th byte must be 0x21 or "!", not 0x20 or " ". Checking a rar file also indicates that: $ file abc.rar abc.rar: RAR archive data, v1d, os: Win32 $ head -c 7 abc.rar | od -v -t x1 0000000 52 61 72 21 1a 07 00 0000007 There is also an issue to fix this problem in MIME standard. See: - https://www.rarlab.com/technote.htm#rarsign - https://github.com/whatwg/mimesniff/issues/63 Fixes #30926 Change-Id: Id2e2de7ecbf7f44d37ebaf280efd05e4972c5078 Reviewed-on: https://go-review.googlesource.com/c/go/+/167781Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>

net/http: fix wrong mime rar signature
MIME sniffing standard defines the RAR signature as 52 61 72 20 1A 07 00. But this signature is wrong, the RARlab spec defines the 4th byte must be 0x21 or "!", not 0x20 or " ". Checking a rar file also indicates that: $ file abc.rar abc.rar: RAR archive data, v1d, os: Win32 $ head -c 7 abc.rar | od -v -t x1 0000000 52 61 72 21 1a 07 00 0000007 There is also an issue to fix this problem in MIME standard. See: - https://www.rarlab.com/technote.htm#rarsign - https://github.com/whatwg/mimesniff/issues/63 Fixes #30926 Change-Id: Id2e2de7ecbf7f44d37ebaf280efd05e4972c5078 Reviewed-on: https://go-review.googlesource.com/c/go/+/167781Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
349e7df2 · LE Manh Cuong · Emmanuel Odeke · b4f3b8a3 · 349e7df2 · 349e7df2
Commit 349e7df2 authored Mar 19, 2019 by LE Manh Cuong Committed by Emmanuel Odeke Mar 19, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 4 deletions

src/net/http/sniff.go src/net/http/sniff.go +8 -2

src/net/http/sniff_test.go src/net/http/sniff_test.go +4 -2

No files found.
--- a/src/net/http/sniff.go
+++ b/src/net/http/sniff.go
@@ -185,8 +185,14 @@ var sniffSignatures = []sniffSig{
 	// Archive types
 	&exactSig{[]byte("\x1F\x8B\x08"), "application/x-gzip"},
 	&exactSig{[]byte("PK\x03\x04"), "application/zip"},
-	&exactSig{[]byte("Rar \x1A\x07\x00"), "application/x-rar-compressed"},     // RAR v1.5-v4.0
-	&exactSig{[]byte("Rar \x1A\x07\x01\x00"), "application/x-rar-compressed"}, // RAR v5+
+	// RAR's signatures are incorrectly defined by the MIME spec as per
+	//    https://github.com/whatwg/mimesniff/issues/63
+	// However, RAR Labs correctly defines it at:
+	//    https://www.rarlab.com/technote.htm#rarsign
+	// so we use the definition from RAR Labs.
+	// TODO: do whatever the spec ends up doing.
+	&exactSig{[]byte("Rar!\x1A\x07\x00"), "application/x-rar-compressed"},     // RAR v1.5-v4.0
+	&exactSig{[]byte("Rar!\x1A\x07\x01\x00"), "application/x-rar-compressed"}, // RAR v5+

 	&exactSig{[]byte("\x00\x61\x73\x6D"), "application/wasm"},


--- a/src/net/http/sniff_test.go
+++ b/src/net/http/sniff_test.go
@@ -74,8 +74,10 @@ var sniffTests = []struct {
 	{"wasm sample", []byte("\x00\x61\x73\x6d\x01\x00"), "application/wasm"},

 	// Archive types
-	{"RAR v1.5-v4.0", []byte("Rar \x1A\x07\x00"), "application/x-rar-compressed"},
-	{"RAR v5+", []byte("Rar \x1A\x07\x01\x00"), "application/x-rar-compressed"},
+	{"RAR v1.5-v4.0", []byte("Rar!\x1A\x07\x00"), "application/x-rar-compressed"},
+	{"RAR v5+", []byte("Rar!\x1A\x07\x01\x00"), "application/x-rar-compressed"},
+	{"Incorrect RAR v1.5-v4.0", []byte("Rar \x1A\x07\x00"), "application/octet-stream"},
+	{"Incorrect RAR v5+", []byte("Rar \x1A\x07\x01\x00"), "application/octet-stream"},
 }

 func TestDetectContentType(t *testing.T) {