diff options
author | Paschalis Tsilias <paschalis.tsilias@gmail.com> | 2020-05-21 15:33:39 +0300 |
---|---|---|
committer | Emmanuel Odeke <emm.odeke@gmail.com> | 2020-05-31 00:55:05 +0000 |
commit | 8da78625b1fe2a6141d331f54248913936dc49c7 (patch) | |
tree | 55017fb53dbf51ece3f9abef5d8e68a87864c2f3 /src/net/http/transport_test.go | |
parent | fc40beb987fa503f3452e2e311f765241f5a3cf0 (diff) | |
download | go-8da78625b1fe2a6141d331f54248913936dc49c7.tar.gz go-8da78625b1fe2a6141d331f54248913936dc49c7.zip |
net/http: reject HTTP/1.1 Content-Length with sign in response
Enforces section 14.13 of RFC 2616 so that Content-Length header
values with a sign such as "+5" will be rejected.
Updates #39017
Change-Id: Icce9f00d03c8475fe704b33f9bed9089ff8802f0
Reviewed-on: https://go-review.googlesource.com/c/go/+/234817
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Diffstat (limited to 'src/net/http/transport_test.go')
-rw-r--r-- | src/net/http/transport_test.go | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go index 5ccb3d14ab..99056a42d9 100644 --- a/src/net/http/transport_test.go +++ b/src/net/http/transport_test.go @@ -6222,3 +6222,22 @@ func TestIssue32441(t *testing.T) { t.Error(err) } } + +// Issue 39017. Ensure that HTTP/1 transports reject Content-Length headers +// that contain a sign (eg. "+3"), per RFC 2616, Section 14.13. +func TestTransportRejectsSignInContentLength(t *testing.T) { + cst := httptest.NewServer(HandlerFunc(func(w ResponseWriter, r *Request) { + w.Header().Set("Content-Length", "+3") + w.Write([]byte("abc")) + })) + defer cst.Close() + + c := cst.Client() + res, err := c.Get(cst.URL) + if err == nil || res != nil { + t.Fatal("Expected a non-nil error and a nil http.Response") + } + if got, want := err.Error(), `bad Content-Length "+3"`; !strings.Contains(got, want) { + t.Fatalf("Error mismatch\nGot: %q\nWanted substring: %q", got, want) + } +} |