net/http/cgi: the PATH_INFO should be empty or start with a slash

aimuz · gopherbot · commit 6458c8e45f83 · 2023-11-06T22:04:34.000Z
fixed PATH_INFO not starting with a slash as described in RFC 3875 for PATH_INFO. Fixes golang#63925 Change-Id: I1ead98dff190c53eb7a50546569ef6ded3199a0a GitHub-Last-Rev: 1c532e3 GitHub-Pull-Request: golang#63926 Reviewed-on: https://go-review.googlesource.com/c/go/+/539615 Reviewed-by: Bryan Mills <bcmills@google.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/src/net/http/cgi/host.go b/src/net/http/cgi/host.go
@@ -115,21 +115,14 @@ func removeLeadingDuplicates(env []string) (ret []string) {
 }
 
 func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
-	root := h.Root
-	if root == "" {
-		root = "/"
-	}
-
 	if len(req.TransferEncoding) > 0 && req.TransferEncoding[0] == "chunked" {
 		rw.WriteHeader(http.StatusBadRequest)
 		rw.Write([]byte("Chunked request bodies are not supported by CGI."))
 		return
 	}
 
-	pathInfo := req.URL.Path
-	if root != "/" && strings.HasPrefix(pathInfo, root) {
-		pathInfo = pathInfo[len(root):]
-	}
+	root := strings.TrimRight(h.Root, "/")
+	pathInfo := strings.TrimPrefix(req.URL.Path, root)
 
 	port := "80"
 	if req.TLS != nil {
diff --git a/src/net/http/cgi/host_test.go b/src/net/http/cgi/host_test.go
@@ -210,14 +210,14 @@ func TestPathInfoDirRoot(t *testing.T) {
 	check(t)
 	h := &Handler{
 		Path: "testdata/test.cgi",
-		Root: "/myscript/",
+		Root: "/myscript//",
 	}
 	expectedMap := map[string]string{
-		"env-PATH_INFO":       "bar",
+		"env-PATH_INFO":       "/bar",
 		"env-QUERY_STRING":    "a=b",
 		"env-REQUEST_URI":     "/myscript/bar?a=b",
 		"env-SCRIPT_FILENAME": "testdata/test.cgi",
-		"env-SCRIPT_NAME":     "/myscript/",
+		"env-SCRIPT_NAME":     "/myscript",
 	}
 	runCgiTest(t, h, "GET /myscript/bar?a=b HTTP/1.0\nHost: example.com\n\n", expectedMap)
 }
@@ -278,7 +278,7 @@ func TestPathInfoNoRoot(t *testing.T) {
 		"env-QUERY_STRING":    "a=b",
 		"env-REQUEST_URI":     "/bar?a=b",
 		"env-SCRIPT_FILENAME": "testdata/test.cgi",
-		"env-SCRIPT_NAME":     "/",
+		"env-SCRIPT_NAME":     "",
 	}
 	runCgiTest(t, h, "GET /bar?a=b HTTP/1.0\nHost: example.com\n\n", expectedMap)
 }

Original file line number	Diff line number	Diff line change
`@@ -210,14 +210,14 @@ func TestPathInfoDirRoot(t *testing.T) {`
`210`	`210`	`check(t)`
`211`	`211`	`h := &Handler{`
`212`	`212`	`Path: "testdata/test.cgi",`
`213`		`- Root: "/myscript/",`
	`213`	`+ Root: "/myscript//",`
`214`	`214`	`}`
`215`	`215`	`expectedMap := map[string]string{`
`216`		`- "env-PATH_INFO": "bar",`
	`216`	`+ "env-PATH_INFO": "/bar",`
`217`	`217`	`"env-QUERY_STRING": "a=b",`
`218`	`218`	`"env-REQUEST_URI": "/myscript/bar?a=b",`
`219`	`219`	`"env-SCRIPT_FILENAME": "testdata/test.cgi",`
`220`		`- "env-SCRIPT_NAME": "/myscript/",`
	`220`	`+ "env-SCRIPT_NAME": "/myscript",`
`221`	`221`	`}`
`222`	`222`	`runCgiTest(t, h, "GET /myscript/bar?a=b HTTP/1.0\nHost: example.com\n\n", expectedMap)`
`223`	`223`	`}`
`@@ -278,7 +278,7 @@ func TestPathInfoNoRoot(t *testing.T) {`
`278`	`278`	`"env-QUERY_STRING": "a=b",`
`279`	`279`	`"env-REQUEST_URI": "/bar?a=b",`
`280`	`280`	`"env-SCRIPT_FILENAME": "testdata/test.cgi",`
`281`		`- "env-SCRIPT_NAME": "/",`
	`281`	`+ "env-SCRIPT_NAME": "",`
`282`	`282`	`}`
`283`	`283`	`runCgiTest(t, h, "GET /bar?a=b HTTP/1.0\nHost: example.com\n\n", expectedMap)`
`284`	`284`	`}`