From 1d5729261878487fa61508b204b9ad99e436f11b Mon Sep 17 00:00:00 2001
From: Dmitri Shuralyov <dmitshur@golang.org>
Date: Fri, 20 Oct 2023 14:47:21 -0400
Subject: [PATCH] x509roots: check HTTP response status code and media type

The HTTP response status code is expected to be 200 OK, and
the certdata.txt file media type is expected to be plain text.
Check that it is before proceeding with parsing it.

Might help avoid repeats of CL 535735.

Change-Id: I1a7896b3e20d33a23fdc53c572ae9700c9eae1ef
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/536717
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Commit-Queue: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
---
 x509roots/gen_fallback_bundle.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/x509roots/gen_fallback_bundle.go b/x509roots/gen_fallback_bundle.go
index 80b2044d22..ec3014ff63 100644
--- a/x509roots/gen_fallback_bundle.go
+++ b/x509roots/gen_fallback_bundle.go
@@ -17,6 +17,7 @@ import (
 	"go/format"
 	"io"
 	"log"
+	"mime"
 	"net/http"
 	"os"
 	"sort"
@@ -86,6 +87,16 @@ func main() {
 			log.Fatalf("failed to request %q: %s", *certDataURL, err)
 		}
 		defer resp.Body.Close()
+		if resp.StatusCode != http.StatusOK {
+			body, _ := io.ReadAll(io.LimitReader(resp.Body, 4<<10))
+			log.Fatalf("got non-200 OK status code: %v body: %q", resp.Status, body)
+		} else if ct, want := resp.Header.Get("Content-Type"), `text/plain; charset="UTF-8"`; ct != want {
+			if mediaType, _, err := mime.ParseMediaType(ct); err != nil {
+				log.Fatalf("bad Content-Type header %q: %v", ct, err)
+			} else if mediaType != "text/plain" {
+				log.Fatalf("got media type %q, want %q", mediaType, "text/plain")
+			}
+		}
 		certdata = resp.Body
 	}