net/http: drop headers with invalid keys in Header.Write

author Damien Neil <dneil@google.com>

Mon, 16 Aug 2021 17:46:06 +0000 (10:46 -0700)

committer Damien Neil <dneil@google.com>

Mon, 16 Aug 2021 20:02:13 +0000 (20:02 +0000)
author Damien Neil <dneil@google.com>
Mon, 16 Aug 2021 17:46:06 +0000 (10:46 -0700)
committer Damien Neil <dneil@google.com>
Mon, 16 Aug 2021 20:02:13 +0000 (20:02 +0000)
diff --git a/src/net/http/header.go b/src/net/http/header.go

index 4c72dcb2c88d254f3e8b81a483bb6b40079f4b37..cc9c28e3d0d6203a17242f0a048adbb9de04caf7 100644 (file)
--- a/src/net/http/header.go
+++ b/src/net/http/header.go
@@ -13,6 +13,8 @@ import (
         "strings"
         "sync"
         "time"
+
+       "golang.org/x/net/http/httpguts"
  )
  
  // A Header represents the key-value pairs in an HTTP header.
@@ -192,6 +194,13 @@ func (h Header) writeSubset(w io.Writer, exclude map[string]bool, trace *httptra
         kvs, sorter := h.sortedKeyValues(exclude)
         var formattedVals []string
         for _, kv := range kvs {
+               if !httpguts.ValidHeaderFieldName(kv.key) {
+                       // This could be an error. In the common case of
+                       // writing reponse headers, however, we have no good
+                       // way to provide the error back to the server
+                       // handler, so just drop invalid headers instead.
+                       continue
+               }
                 for _, v := range kv.values {
                         v = headerNewlineToSpace.Replace(v)
                         v = textproto.TrimString(v)
diff --git a/src/net/http/header_test.go b/src/net/http/header_test.go

index 47893629194b6a6dedde343b06c73ac0db976f34..57d16f51a5d62e662847b47fbf33203048c8b8bb 100644 (file)
--- a/src/net/http/header_test.go
+++ b/src/net/http/header_test.go
@@ -89,6 +89,19 @@ var headerWriteTests = []struct {
                         "k4: 4a\r\nk4: 4b\r\nk6: 6a\r\nk6: 6b\r\n" +
                         "k7: 7a\r\nk7: 7b\r\nk8: 8a\r\nk8: 8b\r\nk9: 9a\r\nk9: 9b\r\n",
         },
+       // Tests invalid characters in headers.
+       {
+               Header{
+                       "Content-Type":             {"text/html; charset=UTF-8"},
+                       "NewlineInValue":           {"1\r\nBar: 2"},
+                       "NewlineInKey\r\n":         {"1"},
+                       "Colon:InKey":              {"1"},
+                       "Evil: 1\r\nSmuggledValue": {"1"},
+               },
+               nil,
+               "Content-Type: text/html; charset=UTF-8\r\n" +
+                       "NewlineInValue: 1  Bar: 2\r\n",
+       },
  }
  
  func TestHeaderWrite(t *testing.T) {
author	Damien Neil <dneil@google.com>
	Mon, 16 Aug 2021 17:46:06 +0000 (10:46 -0700)
committer	Damien Neil <dneil@google.com>
	Mon, 16 Aug 2021 20:02:13 +0000 (20:02 +0000)
src/net/http/header.go		patch \| blob \| history
src/net/http/header_test.go		patch \| blob \| history