]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: d35035f) | patch
net/http: drop headers with invalid keys in Header.Write
authorDamien Neil <dneil@google.com>
Mon, 16 Aug 2021 17:46:06 +0000 (10:46 -0700)
committerDamien Neil <dneil@google.com>
Mon, 16 Aug 2021 20:02:13 +0000 (20:02 +0000)
commitec271687129dc8b263699b0b9d3abed71d8bd39d
tree6e0a191995c904334d426042b79d0f819548d904tree
parentd35035f84e5dbe4c740d3f338ba89b41a00e270ecommit | diff
net/http: drop headers with invalid keys in Header.Write

Don't let handlers inject unexpected headers by setting keys like:
w.Header().Set("Evil: x\r\nSmuggle", y)

Fixes #47711.

Change-Id: I459ce1c79bc273a84230a0f5b665f81c46dbc672
Reviewed-on: https://go-review.googlesource.com/c/go/+/342530
Trust: Damien Neil <dneil@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
src/net/http/header.go diff | blob | history
src/net/http/header_test.go diff | blob | history
Go GOST TLS 1.3