| commit | 8aa7cbbc339f05702bfb4e48ce9eb5f1b18a8d6f | [log] [tgz] |
|---|---|---|
| author | Brad Fitzpatrick <bradfitz@golang.org> | Wed Feb 10 21:45:00 2016 +0000 |
| committer | Brad Fitzpatrick <bradfitz@golang.org> | Wed Feb 10 21:53:30 2016 +0000 |
| tree | 44300da9b586a26930b769794618596eccd48bb3 | |
| parent | 51d644aca6b8eca07b6bd2f5ea435998bf73fa92 [diff] |
transport: don't crash if peer sends an empty header field name The grpc-http2 transport doesn't validate hpack-decoded field names to be valid http2 field names before checking their first byte. Had it verified first and found that the empty string is illegal, this crash wouldn't happen, but currently a malicious request can crash a gRPC server by sending an empty hpack string.
#gRPC-Go
The Go implementation of gRPC: A high performance, open source, general RPC framework that puts mobile and HTTP/2 first. For more information see the gRPC Quick Start guide.
To install this package, you need to install Go 1.4 or above and setup your Go workspace on your computer. The simplest way to install the library is to run:
$ go get google.golang.org/grpc
This requires Go 1.4 or above.
The grpc package should only depend on standard Go packages and a small number of exceptions. If your contribution introduces new dependencies which are NOT in the list, you need a discussion with gRPC-Go authors and consultants.
See API documentation for package and API descriptions and find examples in the examples directory.
Beta release