commit | a5309b321dcaf6c4bf33f5a65b0a5a82591f8039 | [log] [tgz] |
---|---|---|
author | Damien Neil <dneil@google.com> | Mon Dec 06 14:31:43 2021 -0800 |
committer | Filippo Valsorda <filippo@golang.org> | Thu Dec 09 05:02:17 2021 -0500 |
tree | 8ac79a46eea3a40fc7a3eff1bb31e96a5f3df0b4 | |
parent | 64539c132272986b8f9de8447ceba2b9c8bd224c [diff] |
[internal-branch.go1.16-vendor] http2: cap the size of the server's canonical header cache The HTTP/2 server keeps a per-connection cache mapping header keys to their canonicalized form (e.g., "foo-bar" => "Foo-Bar"). Cap the maximum size of this cache to prevent a peer sending many unique header keys from causing unbounded memory growth. Cap chosen arbitrarily at 32 entries. Since this cache does not include common headers (e.g., "content-type"), 32 seems like more than enough for almost all normal uses. Updates golang/go#50058 Fixes CVE-2021-44716 Change-Id: Ia83696dc23253c12af8f26d502557c2cc9841105 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1290827 Reviewed-by: Roland Shoemaker <bracewell@google.com>
This repository holds supplementary Go networking libraries.
The easiest way to install is to run go get -u golang.org/x/net
. You can also manually git clone the repository to $GOPATH/src/golang.org/x/net
.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html. The main issue tracker for the net repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/net:” in the subject line, so it is easy to find.