commit | c2db5f4ccc61ba7df96a747e268a277b802cbb87 | [log] [tgz] |
---|---|---|
author | Jed Denlea <jed@fastly.com> | Wed Jul 29 18:10:32 2015 -0700 |
committer | Brad Fitzpatrick <bradfitz@golang.org> | Sun Aug 02 09:34:59 2015 +0000 |
tree | 15954dabb41a075c51ccc98b52e6552d9b280090 | |
parent | ec4d06e47010ef5a7a69080046530997169e7666 [diff] |
net/http: close server conn after request body error HTTP servers attempt to entirely consume a request body before sending a response. However, when doing so, it previously would ignore any errors encountered. Unfortunately, the errors triggered at this stage are indicative of at least a couple problems: read timeouts and chunked encoding errors. This means properly crafted and/or timed requests could lead to a "smuggled" request. The fix is to inspect the errors created by the response body Reader, and treat anything other than io.EOF or ErrBodyReadAfterClose as fatal to the connection. Fixes #11930 Change-Id: I0bf18006d7d8f6537529823fc450f2e2bdb7c18e Reviewed-on: https://go-review.googlesource.com/12865 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
For documentation about how to install and use Go, visit https://golang.org/ or load doc/install-source.html in your web browser.
Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.
Please report issues here: https://golang.org/issue/new
Go is the work of hundreds of contributors. We appreciate your help!
To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
If you have just untarred a binary Go distribution, you need to set the environment variable $GOROOT to the full path of the go directory (the one containing this file). You can omit the variable if you unpack it into /usr/local/go, or if you rebuild from sources by running all.bash (see doc/install-source.html). You should also add the Go binary directory $GOROOT/bin to your shell's path.
For example, if you extracted the tar file into $HOME/go, you might put the following in your .profile:
export GOROOT=$HOME/go export PATH=$PATH:$GOROOT/bin
See https://golang.org/doc/install or doc/install.html for more details.