Google Git
Sign in
go / go / b7a85e0003cedb1b48a1fd3ae5b746ec6330102e
commitb7a85e0003cedb1b48a1fd3ae5b746ec6330102e[log] [tgz]
authorDamien Neil <dneil@google.com>Wed Jul 07 16:34:34 2021 -0700
committerFilippo Valsorda <filippo@golang.org>Fri Jul 30 14:01:30 2021 +0000
treefe86fc80397496bbb065a7a1ae55799111b240b2
parent70fd4e47d73b92fe90e44ac785e2f98f9df0ab67 [diff]
net/http/httputil: close incoming ReverseProxy request body

Reading from an incoming request body after the request handler aborts
with a panic can cause a panic, becuse http.Server does not (contrary
to its documentation) close the request body in this case.

Always close the incoming request body in ReverseProxy.ServeHTTP to
ensure that any in-flight outgoing requests using the body do not
read from it.

Updates #46866
Fixes CVE-2021-36221

Change-Id: I310df269200ad8732c5d9f1a2b00de68725831df
Reviewed-on: https://go-review.googlesource.com/c/go/+/333191
Trust: Damien Neil <dneil@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
2 files changed
tree: fe86fc80397496bbb065a7a1ae55799111b240b2
  1. .github/
  2. api/
  3. doc/
  4. lib/
  5. misc/
  6. src/
  7. test/
  8. .gitattributes
  9. .gitignore
  10. AUTHORS
  11. codereview.cfg
  12. CONTRIBUTING.md
  13. CONTRIBUTORS
  14. LICENSE
  15. PATENTS
  16. README.md
  17. SECURITY.md
README.md

The Go Programming Language

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Gopher image Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.

Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Download and Install

Binary Distributions

Official binary distributions are available at https://golang.org/dl/.

After downloading a binary release, visit https://golang.org/doc/install for installation instructions.

Install From Source

If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source for source installation instructions.

Contributing

Go is the work of thousands of contributors. We appreciate your help!

To contribute, please read the contribution guidelines at https://golang.org/doc/contribute.html.

Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.