Google Git
Sign in
go / net / b2ed34f6fc8d65cc6a090fb87692ea6b1162fddd
commitb2ed34f6fc8d65cc6a090fb87692ea6b1162fddd[log] [tgz]
authorBrad Fitzpatrick <bradfitz@golang.org>Wed Jan 20 20:16:54 2016 +0000
committerBrad Fitzpatrick <bradfitz@golang.org>Wed Jan 20 22:26:53 2016 +0000
tree4daa097b89fccd3f044c61a7e513d29769cde504
parent78e1654ef40b8b993e3355307740b1cac8f1db20 [diff]
http2: validate received header field values in Server and Transport

This validates incoming header field values in Server and Transport to
make sure the peer isn't sending us a \x00, CR, NL or other non-VCHAR
except space and tab.

It does not yet validate that we don't send such things, though.

Updates golang/go#14029

Change-Id: I7c6a56d5d0d255f1b8fa64480b34b3b5e1f4f367
Reviewed-on: https://go-review.googlesource.com/18727
Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
5 files changed
tree: 4daa097b89fccd3f044c61a7e513d29769cde504
  1. context/
  2. dict/
  3. html/
  4. http2/
  5. icmp/
  6. idna/
  7. internal/
  8. ipv4/
  9. ipv6/
  10. netutil/
  11. proxy/
  12. publicsuffix/
  13. trace/
  14. webdav/
  15. websocket/
  16. xsrftoken/
  17. .gitattributes
  18. .gitignore
  19. AUTHORS
  20. codereview.cfg
  21. CONTRIBUTING.md
  22. CONTRIBUTORS
  23. LICENSE
  24. PATENTS
  25. README