diff options
author | Damien Neil <dneil@google.com> | 2022-06-17 10:09:45 -0700 |
---|---|---|
committer | Damien Neil <dneil@google.com> | 2022-06-29 22:28:30 +0000 |
commit | b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a (patch) | |
tree | 1bdaa3092fe0ed673cace25dcf1ddd74f423c24c | |
parent | 64ef16e77795957d47e3889bca9483d6f3099bbf (diff) | |
download | go-b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a.tar.gz go-b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a.zip |
net/http: preserve nil values in Header.Clone
ReverseProxy makes a distinction between nil and zero-length header values.
Avoid losing nil-ness when cloning a request.
Thanks to Christian Mehlmauer for discovering this.
Fixes #53423
Fixes CVE-2022-32148
Change-Id: Ice369cdb4712e2d62e25bb881b080847aa4801f5
Reviewed-on: https://go-review.googlesource.com/c/go/+/412857
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
-rw-r--r-- | src/net/http/header.go | 6 | ||||
-rw-r--r-- | src/net/http/header_test.go | 5 |
2 files changed, 11 insertions, 0 deletions
diff --git a/src/net/http/header.go b/src/net/http/header.go index 6487e5025d..6437f2d2c0 100644 --- a/src/net/http/header.go +++ b/src/net/http/header.go @@ -103,6 +103,12 @@ func (h Header) Clone() Header { sv := make([]string, nv) // shared backing array for headers' values h2 := make(Header, len(h)) for k, vv := range h { + if vv == nil { + // Preserve nil values. ReverseProxy distinguishes + // between nil and zero-length header values. + h2[k] = nil + continue + } n := copy(sv, vv) h2[k] = sv[:n:n] sv = sv[n:] diff --git a/src/net/http/header_test.go b/src/net/http/header_test.go index 57d16f51a5..0b13d311ac 100644 --- a/src/net/http/header_test.go +++ b/src/net/http/header_test.go @@ -248,6 +248,11 @@ func TestCloneOrMakeHeader(t *testing.T) { in: Header{"foo": {"bar"}}, want: Header{"foo": {"bar"}}, }, + { + name: "nil value", + in: Header{"foo": nil}, + want: Header{"foo": nil}, + }, } for _, tt := range tests { |