http2: validate Host header before sending Verify that the Host header we send is valid. Avoids sending a request that the server will reject, possibly sending us into a retry loop. No test in this CL, but this will be covered by the net/http test added in CL 506996. For golang/go#60374 Change-Id: I78867eb05293ad8ca1b02bc22fb626760949d4b8 Reviewed-on: https://go-review.googlesource.com/c/net/+/506995 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com>

commit: 63727cc58253c59c71cf8491bb4d7448990d63b8 [log] [tgz]
author: Damien Neil <dneil@google.com> Wed Jun 28 13:18:36 2023 -0700
committer: Damien Neil <dneil@google.com> Thu Jun 29 17:00:16 2023 +0000
tree: 56bceeb2abf405bd4a41e80639b1c8ada8ffea22
parent: 1bb09e6b1e6cbe43c5034c99133d866b60ea81fa [diff]
diff --git a/http2/transport.go b/http2/transport.go
index 4f08ccb..da53e83 100644
--- a/http2/transport.go
+++ b/http2/transport.go

@@ -1880,6 +1880,9 @@
 	if err != nil {
 		return nil, err
 	}
+	if !httpguts.ValidHostHeader(host) {
+		return nil, errors.New("http2: invalid Host header")
+	}
 
 	var path string
 	if req.Method != "CONNECT" {
commit	63727cc58253c59c71cf8491bb4d7448990d63b8	[log] [tgz]
author	Damien Neil <dneil@google.com>	Wed Jun 28 13:18:36 2023 -0700
committer	Damien Neil <dneil@google.com>	Thu Jun 29 17:00:16 2023 +0000
tree	56bceeb2abf405bd4a41e80639b1c8ada8ffea22
parent	1bb09e6b1e6cbe43c5034c99133d866b60ea81fa [diff]