http2: validate Host header before sending
Verify that the Host header we send is valid.
Avoids sending a request that the server will reject,
possibly sending us into a retry loop.
No test in this CL, but this will be covered by the net/http
test added in CL 506996.
For golang/go#60374
Change-Id: I78867eb05293ad8ca1b02bc22fb626760949d4b8
Reviewed-on: https://go-review.googlesource.com/c/net/+/506995
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
diff --git a/http2/transport.go b/http2/transport.go
index 4f08ccb..da53e83 100644
--- a/http2/transport.go
+++ b/http2/transport.go
@@ -1880,6 +1880,9 @@
if err != nil {
return nil, err
}
+ if !httpguts.ValidHostHeader(host) {
+ return nil, errors.New("http2: invalid Host header")
+ }
var path string
if req.Method != "CONNECT" {