commit | 117ddcb83d7f42d6aa72241240af99ded81118e9 | [log] [tgz] |
---|---|---|
author | Brad Fitzpatrick <bradfitz@golang.org> | Tue Jun 30 09:22:41 2015 -0700 |
committer | Brad Fitzpatrick <bradfitz@golang.org> | Tue Jun 30 17:59:02 2015 +0000 |
tree | 8c6a553a5346c950178980923db34a32cc8c2592 | |
parent | 8884fa747658a0d08675d22aa30636f7a0645cb3 [diff] |
net/textproto: don't treat spaces as hyphens in header keys This was originally done in https://codereview.appspot.com/5690059 (Feb 2012) to deal with bad response headers coming back from webcams, but it presents a potential security problem with HTTP request smuggling for request headers containing "Content Length" instead of "Content-Length". Part of overall HTTP hardening for request smuggling. See RFC 7230. Thanks to RĂ©gis Leroy for the report. Change-Id: I92b17fb637c9171c5774ea1437979ae2c17ca88a Reviewed-on: https://go-review.googlesource.com/11772 Reviewed-by: Russ Cox <rsc@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
For documentation about how to install and use Go, visit https://golang.org/ or load doc/install-source.html in your web browser.
Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.
Please report issues here: https://golang.org/issue/new
Go is the work of hundreds of contributors. We appreciate your help!
To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
If you have just untarred a binary Go distribution, you need to set the environment variable $GOROOT to the full path of the go directory (the one containing this file). You can omit the variable if you unpack it into /usr/local/go, or if you rebuild from sources by running all.bash (see doc/install-source.html). You should also add the Go binary directory $GOROOT/bin to your shell's path.
For example, if you extracted the tar file into $HOME/go, you might put the following in your .profile:
export GOROOT=$HOME/go export PATH=$PATH:$GOROOT/bin
See https://golang.org/doc/install or doc/install.html for more details.