net/http: update copy of http2

Updates to x/net git revision 9946ad7

Change-Id: I95c03daf382667002a5b22f184bd9b7d18144913
Reviewed-on: https://go-review.googlesource.com/16066
Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go
index 68e6d79..9be5ebf 100644
--- a/src/net/http/h2_bundle.go
+++ b/src/net/http/h2_bundle.go
@@ -1750,7 +1750,7 @@
 var (
 	http2errClientDisconnected = errors.New("client disconnected")
 	http2errClosedBody         = errors.New("body closed by handler")
-	http2errStreamBroken       = errors.New("http2: stream broken")
+	http2errStreamClosed       = errors.New("http2: stream closed")
 )
 
 var http2responseWriterStatePool = sync.Pool{
@@ -1819,24 +1819,33 @@
 	if conf == nil {
 		conf = new(http2Server)
 	}
+
 	if s.TLSConfig == nil {
 		s.TLSConfig = new(tls.Config)
-	}
-
-	if s.TLSConfig.CipherSuites != nil {
+	} else if s.TLSConfig.CipherSuites != nil {
+		// If they already provided a CipherSuite list, return
+		// an error if it has a bad order or is missing
+		// ECDHE_RSA_WITH_AES_128_GCM_SHA256.
 		const requiredCipher = tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 		haveRequired := false
-		for _, v := range s.TLSConfig.CipherSuites {
-			if v == requiredCipher {
+		sawBad := false
+		for i, cs := range s.TLSConfig.CipherSuites {
+			if cs == requiredCipher {
 				haveRequired = true
-				break
+			}
+			if http2isBadCipher(cs) {
+				sawBad = true
+			} else if sawBad {
+				return fmt.Errorf("http2: TLSConfig.CipherSuites index %d contains an HTTP/2-approved cipher suite (%#04x), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.", i, cs)
 			}
 		}
 		if !haveRequired {
-			s.TLSConfig.CipherSuites = append(s.TLSConfig.CipherSuites, requiredCipher)
+			return fmt.Errorf("http2: TLSConfig.CipherSuites is missing HTTP/2-required TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
 		}
 	}
 
+	s.TLSConfig.PreferServerCipherSuites = true
+
 	haveNPN := false
 	for _, p := range s.TLSConfig.NextProtos {
 		if p == http2NextProtoTLS {
@@ -1861,7 +1870,7 @@
 	}
 	s.TLSNextProto[http2NextProtoTLS] = protoHandler
 	s.TLSNextProto["h2-14"] = protoHandler
-	return nil // temporary manual edit to h2_bundle.go, to be deleted once we update from x/net again
+	return nil
 }
 
 func (srv *http2Server) handleConn(hs *Server, c net.Conn, h Handler) {
@@ -1875,7 +1884,7 @@
 		streams:          make(map[uint32]*http2stream),
 		readFrameCh:      make(chan http2readFrameResult),
 		wantWriteFrameCh: make(chan http2frameWriteMsg, 8),
-		wroteFrameCh:     make(chan struct{}, 1),
+		wroteFrameCh:     make(chan http2frameWriteResult, 1),
 		bodyReadCh:       make(chan http2bodyReadMsg),
 		doneServing:      make(chan struct{}),
 		advMaxStreams:    srv.maxConcurrentStreams(),
@@ -1961,15 +1970,15 @@
 	handler          Handler
 	framer           *http2Framer
 	hpackDecoder     *hpack.Decoder
-	doneServing      chan struct{}             // closed when serverConn.serve ends
-	readFrameCh      chan http2readFrameResult // written by serverConn.readFrames
-	wantWriteFrameCh chan http2frameWriteMsg   // from handlers -> serve
-	wroteFrameCh     chan struct{}             // from writeFrameAsync -> serve, tickles more frame writes
-	bodyReadCh       chan http2bodyReadMsg     // from handlers -> serve
-	testHookCh       chan func(int)            // code to run on the serve loop
-	flow             http2flow                 // conn-wide (not stream-specific) outbound flow control
-	inflow           http2flow                 // conn-wide inbound flow control
-	tlsState         *tls.ConnectionState      // shared by all handlers, like net/http
+	doneServing      chan struct{}              // closed when serverConn.serve ends
+	readFrameCh      chan http2readFrameResult  // written by serverConn.readFrames
+	wantWriteFrameCh chan http2frameWriteMsg    // from handlers -> serve
+	wroteFrameCh     chan http2frameWriteResult // from writeFrameAsync -> serve, tickles more frame writes
+	bodyReadCh       chan http2bodyReadMsg      // from handlers -> serve
+	testHookCh       chan func(int)             // code to run on the serve loop
+	flow             http2flow                  // conn-wide (not stream-specific) outbound flow control
+	inflow           http2flow                  // conn-wide inbound flow control
+	tlsState         *tls.ConnectionState       // shared by all handlers, like net/http
 	remoteAddrStr    string
 
 	// Everything following is owned by the serve loop; use serveG.check():
@@ -2086,6 +2095,15 @@
 	return http2stateIdle, nil
 }
 
+// setConnState calls the net/http ConnState hook for this connection, if configured.
+// Note that the net/http package does StateNew and StateClosed for us.
+// There is currently no plan for StateHijacked or hijacking HTTP/2 connections.
+func (sc *http2serverConn) setConnState(state ConnState) {
+	if sc.hs.ConnState != nil {
+		sc.hs.ConnState(sc.conn, state)
+	}
+}
+
 func (sc *http2serverConn) vlogf(format string, args ...interface{}) {
 	if http2VerboseLogs {
 		sc.logf(format, args...)
@@ -2207,20 +2225,19 @@
 	}
 }
 
+// frameWriteResult is the message passed from writeFrameAsync to the serve goroutine.
+type http2frameWriteResult struct {
+	wm  http2frameWriteMsg // what was written (or attempted)
+	err error              // result of the writeFrame call
+}
+
 // writeFrameAsync runs in its own goroutine and writes a single frame
 // and then reports when it's done.
 // At most one goroutine can be running writeFrameAsync at a time per
 // serverConn.
 func (sc *http2serverConn) writeFrameAsync(wm http2frameWriteMsg) {
 	err := wm.write.writeFrame(sc)
-	if ch := wm.done; ch != nil {
-		select {
-		case ch <- err:
-		default:
-			panic(fmt.Sprintf("unbuffered done channel passed in for type %T", wm.write))
-		}
-	}
-	sc.wroteFrameCh <- struct{}{}
+	sc.wroteFrameCh <- http2frameWriteResult{wm, err}
 }
 
 func (sc *http2serverConn) closeAllStreamsOnConnClose() {
@@ -2275,6 +2292,9 @@
 		return
 	}
 
+	sc.setConnState(StateActive)
+	sc.setConnState(StateIdle)
+
 	go sc.readFrames()
 
 	settingsTimer := time.NewTimer(http2firstSettingsTimeout)
@@ -2284,12 +2304,8 @@
 		select {
 		case wm := <-sc.wantWriteFrameCh:
 			sc.writeFrame(wm)
-		case <-sc.wroteFrameCh:
-			if sc.writingFrame != true {
-				panic("internal error: expected to be already writing a frame")
-			}
-			sc.writingFrame = false
-			sc.scheduleFrameWrite()
+		case res := <-sc.wroteFrameCh:
+			sc.wroteFrame(res)
 		case res := <-sc.readFrameCh:
 			if !sc.processFrameFromReader(res) {
 				return
@@ -2355,20 +2371,28 @@
 // scheduling decisions available.
 func (sc *http2serverConn) writeDataFromHandler(stream *http2stream, writeData *http2writeData) error {
 	ch := http2errChanPool.Get().(chan error)
-	sc.writeFrameFromHandler(http2frameWriteMsg{
+	err := sc.writeFrameFromHandler(http2frameWriteMsg{
 		write:  writeData,
 		stream: stream,
 		done:   ch,
 	})
-	select {
-	case err := <-ch:
-		http2errChanPool.Put(ch)
+	if err != nil {
 		return err
+	}
+	select {
+	case err = <-ch:
 	case <-sc.doneServing:
 		return http2errClientDisconnected
 	case <-stream.cw:
-		return http2errStreamBroken
+
+		select {
+		case err = <-ch:
+		default:
+			return http2errStreamClosed
+		}
 	}
+	http2errChanPool.Put(ch)
+	return err
 }
 
 // writeFrameFromHandler sends wm to sc.wantWriteFrameCh, but aborts
@@ -2378,24 +2402,14 @@
 // deadlock writing to sc.wantWriteFrameCh (which is only mildly
 // buffered and is read by serve itself). If you're on the serve
 // goroutine, call writeFrame instead.
-func (sc *http2serverConn) writeFrameFromHandler(wm http2frameWriteMsg) {
+func (sc *http2serverConn) writeFrameFromHandler(wm http2frameWriteMsg) error {
 	sc.serveG.checkNotOn()
-	var scheduled bool
 	select {
 	case sc.wantWriteFrameCh <- wm:
-		scheduled = true
+		return nil
 	case <-sc.doneServing:
 
-	case <-wm.stream.cw:
-
-	}
-
-	if !scheduled && wm.done != nil {
-		select {
-		case wm.done <- http2errStreamBroken:
-		default:
-			panic("expected buffered channel")
-		}
+		return http2errClientDisconnected
 	}
 }
 
@@ -2421,7 +2435,6 @@
 	if sc.writingFrame {
 		panic("internal error: can only be writing one frame at a time")
 	}
-	sc.writingFrame = true
 
 	st := wm.stream
 	if st != nil {
@@ -2431,15 +2444,42 @@
 		case http2stateClosed:
 			if st.sentReset || st.gotReset {
 
-				sc.wroteFrameCh <- struct{}{}
+				sc.scheduleFrameWrite()
 				return
 			}
 			panic(fmt.Sprintf("internal error: attempt to send a write %v on a closed stream", wm))
 		}
 	}
 
+	sc.writingFrame = true
 	sc.needsFrameFlush = true
-	if http2endsStream(wm.write) {
+	go sc.writeFrameAsync(wm)
+}
+
+// wroteFrame is called on the serve goroutine with the result of
+// whatever happened on writeFrameAsync.
+func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) {
+	sc.serveG.check()
+	if !sc.writingFrame {
+		panic("internal error: expected to be already writing a frame")
+	}
+	sc.writingFrame = false
+
+	wm := res.wm
+	st := wm.stream
+
+	closeStream := http2endsStream(wm.write)
+
+	if ch := wm.done; ch != nil {
+		select {
+		case ch <- res.err:
+		default:
+			panic(fmt.Sprintf("unbuffered done channel passed in for type %T", wm.write))
+		}
+	}
+	wm.write = nil
+
+	if closeStream {
 		if st == nil {
 			panic("internal error: expecting non-nil stream")
 		}
@@ -2453,7 +2493,8 @@
 			sc.closeStream(st, nil)
 		}
 	}
-	go sc.writeFrameAsync(wm)
+
+	sc.scheduleFrameWrite()
 }
 
 // scheduleFrameWrite tickles the frame writing scheduler.
@@ -2692,6 +2733,9 @@
 	}
 	st.state = http2stateClosed
 	sc.curOpenStreams--
+	if sc.curOpenStreams == 0 {
+		sc.setConnState(StateIdle)
+	}
 	delete(sc.streams, st.id)
 	if p := st.body; p != nil {
 		p.Close(err)
@@ -2838,6 +2882,9 @@
 		http2adjustStreamPriority(sc.streams, st.id, f.Priority)
 	}
 	sc.curOpenStreams++
+	if sc.curOpenStreams == 1 {
+		sc.setConnState(StateActive)
+	}
 	sc.req = http2requestParam{
 		stream: st,
 		header: make(Header),
@@ -3031,29 +3078,32 @@
 
 // called from handler goroutines.
 // h may be nil.
-func (sc *http2serverConn) writeHeaders(st *http2stream, headerData *http2writeResHeaders) {
+func (sc *http2serverConn) writeHeaders(st *http2stream, headerData *http2writeResHeaders) error {
 	sc.serveG.checkNotOn()
 	var errc chan error
 	if headerData.h != nil {
 
 		errc = http2errChanPool.Get().(chan error)
 	}
-	sc.writeFrameFromHandler(http2frameWriteMsg{
+	if err := sc.writeFrameFromHandler(http2frameWriteMsg{
 		write:  headerData,
 		stream: st,
 		done:   errc,
-	})
+	}); err != nil {
+		return err
+	}
 	if errc != nil {
 		select {
-		case <-errc:
-
+		case err := <-errc:
 			http2errChanPool.Put(errc)
+			return err
 		case <-sc.doneServing:
-
+			return http2errClientDisconnected
 		case <-st.cw:
-
+			return http2errStreamClosed
 		}
 	}
+	return nil
 }
 
 // called from handler goroutines.
@@ -3227,7 +3277,7 @@
 			ctype = DetectContentType(p)
 		}
 		endStream := rws.handlerDone && len(p) == 0
-		rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{
+		err = rws.conn.writeHeaders(rws.stream, &http2writeResHeaders{
 			streamID:      rws.stream.id,
 			httpResCode:   rws.status,
 			h:             rws.snapHeader,
@@ -3235,6 +3285,9 @@
 			contentType:   ctype,
 			contentLength: clen,
 		})
+		if err != nil {
+			return 0, err
+		}
 		if endStream {
 			return 0, nil
 		}
@@ -3242,6 +3295,7 @@
 	if len(p) == 0 && !rws.handlerDone {
 		return 0, nil
 	}
+
 	curWrite := &rws.curWrite
 	curWrite.streamID = rws.stream.id
 	curWrite.p = p
@@ -3603,7 +3657,7 @@
 			cc.initialWindowSize = s.Val
 		default:
 
-			log.Printf("Unhandled Setting: %v", s)
+			t.vlogf("Unhandled Setting: %v", s)
 		}
 		return nil
 	})
@@ -3727,7 +3781,6 @@
 }
 
 func (cc *http2clientConn) writeHeader(name, value string) {
-	log.Printf("sending %q = %q", name, value)
 	cc.henc.WriteField(hpack.HeaderField{Name: name, Value: value})
 }
 
@@ -3784,20 +3837,20 @@
 			cc.readerErr = err
 			return
 		}
-		log.Printf("Transport received %v: %#v", f.Header(), f)
+		cc.vlogf("Transport received %v: %#v", f.Header(), f)
 
 		streamID := f.Header().StreamID
 
 		_, isContinue := f.(*http2ContinuationFrame)
 		if isContinue {
 			if streamID != continueStreamID {
-				log.Printf("Protocol violation: got CONTINUATION with id %d; want %d", streamID, continueStreamID)
+				cc.logf("Protocol violation: got CONTINUATION with id %d; want %d", streamID, continueStreamID)
 				cc.readerErr = http2ConnectionError(http2ErrCodeProtocol)
 				return
 			}
 		} else if continueStreamID != 0 {
 
-			log.Printf("Protocol violation: got %T for stream %d, want CONTINUATION for %d", f, streamID, continueStreamID)
+			cc.logf("Protocol violation: got %T for stream %d, want CONTINUATION for %d", f, streamID, continueStreamID)
 			cc.readerErr = http2ConnectionError(http2ErrCodeProtocol)
 			return
 		}
@@ -3813,7 +3866,7 @@
 
 		cs := cc.streamByID(streamID, streamEnded)
 		if cs == nil {
-			log.Printf("Received frame for untracked stream ID %d", streamID)
+			cc.logf("Received frame for untracked stream ID %d", streamID)
 			continue
 		}
 
@@ -3829,17 +3882,19 @@
 		case *http2ContinuationFrame:
 			cc.hdec.Write(f.HeaderBlockFragment())
 		case *http2DataFrame:
-			log.Printf("DATA: %q", f.Data())
+			if http2VerboseLogs {
+				cc.logf("DATA: %q", f.Data())
+			}
 			cs.pw.Write(f.Data())
 		case *http2GoAwayFrame:
 			cc.t.removeClientConn(cc)
 			if f.ErrCode != 0 {
 
-				log.Printf("transport got GOAWAY with error code = %v", f.ErrCode)
+				cc.vlogf("transport got GOAWAY with error code = %v", f.ErrCode)
 			}
 			cc.setGoAway(f)
 		default:
-			log.Printf("Transport: unhandled response frame type %T", f)
+			cc.logf("Transport: unhandled response frame type %T", f)
 		}
 		headersEnded := false
 		if he, ok := f.(http2headersEnder); ok {
@@ -3870,7 +3925,9 @@
 
 func (cc *http2clientConn) onNewHeaderField(f hpack.HeaderField) {
 
-	log.Printf("Header field: %+v", f)
+	if http2VerboseLogs {
+		cc.logf("Header field: %+v", f)
+	}
 	if f.Name == ":status" {
 		code, err := strconv.Atoi(f.Value)
 		if err != nil {
@@ -3887,6 +3944,24 @@
 	cc.nextRes.Header.Add(CanonicalHeaderKey(f.Name), f.Value)
 }
 
+func (cc *http2clientConn) logf(format string, args ...interface{}) {
+	cc.t.logf(format, args...)
+}
+
+func (cc *http2clientConn) vlogf(format string, args ...interface{}) {
+	cc.t.vlogf(format, args...)
+}
+
+func (t *http2Transport) vlogf(format string, args ...interface{}) {
+	if http2VerboseLogs {
+		t.logf(format, args...)
+	}
+}
+
+func (t *http2Transport) logf(format string, args ...interface{}) {
+	log.Printf(format, args...)
+}
+
 // writeFramer is implemented by any type that is used to write frames.
 type http2writeFramer interface {
 	writeFrame(http2writeContext) error
@@ -3915,6 +3990,9 @@
 		return v.endStream
 	case *http2writeResHeaders:
 		return v.endStream
+	case nil:
+
+		panic("endsStream called on nil writeFramer")
 	}
 	return false
 }
diff --git a/src/vendor/golang.org/x/net/http2/hpack/hpack.go b/src/vendor/golang.org/x/net/http2/hpack/hpack.go
index f5a9b84..8e9b2f2 100644
--- a/src/vendor/golang.org/x/net/http2/hpack/hpack.go
+++ b/src/vendor/golang.org/x/net/http2/hpack/hpack.go
@@ -282,6 +282,11 @@
 	for len(d.buf) > 0 {
 		err = d.parseHeaderFieldRepr()
 		if err == errNeedMore {
+			// Extra paranoia, making sure saveBuf won't
+			// get too large.  All the varint and string
+			// reading code earlier should already catch
+			// overlong things and return ErrStringLength,
+			// but keep this as a last resort.
 			const varIntOverhead = 8 // conservative
 			if d.maxStrLen != 0 && int64(len(d.buf)) > 2*(int64(d.maxStrLen)+varIntOverhead) {
 				return 0, ErrStringLength
@@ -503,6 +508,7 @@
 		buf.Reset() // don't trust others
 		defer bufPool.Put(buf)
 		if err := huffmanDecode(buf, d.maxStrLen, p[:strLen]); err != nil {
+			buf.Reset()
 			return "", nil, err
 		}
 		s = buf.String()