diff options
author | Damien Neil <dneil@google.com> | 2022-06-17 10:09:45 -0700 |
---|---|---|
committer | Michael Knyszek <mknyszek@google.com> | 2022-07-12 14:51:39 +0000 |
commit | ed2f33e1a7e0d18f61bd56f7ee067331d612c27e (patch) | |
tree | 05aa27116d8aa4c9de81ac6e53dabe4741f21052 /src/encoding/xml | |
parent | d13431c37ab62f9755f705731536ff74e7165b08 (diff) | |
download | go-ed2f33e1a7e0d18f61bd56f7ee067331d612c27e.tar.gz go-ed2f33e1a7e0d18f61bd56f7ee067331d612c27e.zip |
[release-branch.go1.17] net/http: preserve nil values in Header.Clone
ReverseProxy makes a distinction between nil and zero-length header values.
Avoid losing nil-ness when cloning a request.
Thanks to Christian Mehlmauer for discovering this.
For #53423
For CVE-2022-32148
Fixes #53620
Change-Id: Ice369cdb4712e2d62e25bb881b080847aa4801f5
Reviewed-on: https://go-review.googlesource.com/c/go/+/412857
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a)
Reviewed-on: https://go-review.googlesource.com/c/go/+/415221
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Diffstat (limited to 'src/encoding/xml')
0 files changed, 0 insertions, 0 deletions