http2: validate Host header before sending

neild · neild · commit 63727cc58253 · 2023-06-29T17:00:16.000Z
Verify that the Host header we send is valid. Avoids sending a request that the server will reject, possibly sending us into a retry loop. No test in this CL, but this will be covered by the net/http test added in CL 506996. For golang/go#60374 Change-Id: I78867eb05293ad8ca1b02bc22fb626760949d4b8 Reviewed-on: https://go-review.googlesource.com/c/net/+/506995 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
diff --git a/http2/transport.go b/http2/transport.go
@@ -1880,6 +1880,9 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
 	if err != nil {
 		return nil, err
 	}
+	if !httpguts.ValidHostHeader(host) {
+		return nil, errors.New("http2: invalid Host header")
+	}
 
 	var path string
 	if req.Method != "CONNECT" {

Original file line number	Diff line number	Diff line change
`@@ -1880,6 +1880,9 @@ func (cc ClientConn) encodeHeaders(req http.Request, addGzipHeader bool, trail`
`1880`	`1880`	`if err != nil {`
`1881`	`1881`	`return nil, err`
`1882`	`1882`	`}`
	`1883`	`+ if !httpguts.ValidHostHeader(host) {`
	`1884`	`+ return nil, errors.New("http2: invalid Host header")`
	`1885`	`+ }`
`1883`	`1886`
`1884`	`1887`	`var path string`
`1885`	`1888`	`if req.Method != "CONNECT" {`