diff options
author | Bryan C. Mills <bcmills@google.com> | 2020-01-07 12:03:28 -0500 |
---|---|---|
committer | Bryan C. Mills <bcmills@google.com> | 2020-01-07 18:00:57 +0000 |
commit | 249c85d3aab2ad2d0bcbf36efe606fdd66f25c72 (patch) | |
tree | bb55f11ddb1995ffd5caebc1218ef068299d1a96 /src/net/http/transport_test.go | |
parent | 98418c998c73075b050f6e52088f8dbc4cbdf7ef (diff) | |
download | go-249c85d3aab2ad2d0bcbf36efe606fdd66f25c72.tar.gz go-249c85d3aab2ad2d0bcbf36efe606fdd66f25c72.zip |
net/http: avoid writing to Transport.ProxyConnectHeader
Previously, we accidentally wrote the Proxy-Authorization header for
the initial CONNECT request to the shared ProxyConnectHeader map when
it was non-nil.
Fixes #36431
Change-Id: I5cb414f391dddf8c23d85427eb6973f14c949025
Reviewed-on: https://go-review.googlesource.com/c/go/+/213638
Run-TryBot: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Diffstat (limited to 'src/net/http/transport_test.go')
-rw-r--r-- | src/net/http/transport_test.go | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go index 08ee4abcf1..5fc60e1842 100644 --- a/src/net/http/transport_test.go +++ b/src/net/http/transport_test.go @@ -1550,6 +1550,44 @@ func TestTransportDialPreservesNetOpProxyError(t *testing.T) { } } +// Issue 36431: calls to RoundTrip should not mutate t.ProxyConnectHeader. +// +// (A bug caused dialConn to instead write the per-request Proxy-Authorization +// header through to the shared Header instance, introducing a data race.) +func TestTransportProxyDialDoesNotMutateProxyConnectHeader(t *testing.T) { + setParallel(t) + defer afterTest(t) + + proxy := httptest.NewTLSServer(NotFoundHandler()) + defer proxy.Close() + c := proxy.Client() + + tr := c.Transport.(*Transport) + tr.Proxy = func(*Request) (*url.URL, error) { + u, _ := url.Parse(proxy.URL) + u.User = url.UserPassword("aladdin", "opensesame") + return u, nil + } + h := tr.ProxyConnectHeader + if h == nil { + h = make(Header) + } + tr.ProxyConnectHeader = h.Clone() + + req, err := NewRequest("GET", "https://golang.fake.tld/", nil) + if err != nil { + t.Fatal(err) + } + _, err = c.Do(req) + if err == nil { + t.Errorf("unexpected Get success") + } + + if !reflect.DeepEqual(tr.ProxyConnectHeader, h) { + t.Errorf("tr.ProxyConnectHeader = %v; want %v", tr.ProxyConnectHeader, h) + } +} + // TestTransportGzipRecursive sends a gzip quine and checks that the // client gets the same value back. This is more cute than anything, // but checks that we don't recurse forever, and checks that |