Skip to content

Commit

Permalink
http2: validate Host header before sending
Browse files Browse the repository at this point in the history 
Verify that the Host header we send is valid.
Avoids sending a request that the server will reject,
possibly sending us into a retry loop.

No test in this CL, but this will be covered by the net/http
test added in CL 506996.

For golang/go#60374

Change-Id: I78867eb05293ad8ca1b02bc22fb626760949d4b8
Reviewed-on: https://go-review.googlesource.com/c/net/+/506995
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
  • Loading branch information
@neild
neild committed Jun 29, 2023
1 parent 1bb09e6 commit 63727cc
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions http2/transport.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1880,6 +1880,9 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
if err != nil {
return nil, err
}
if !httpguts.ValidHostHeader(host) {
return nil, errors.New("http2: invalid Host header")
}

var path string
if req.Method != "CONNECT" {
Expand Down

0 comments on commit 63727cc

Please sign in to comment.