Cypherpunks.ru repositories - gostls13.git/commit

author	Damien Neil <dneil@google.com>
	Mon, 7 Aug 2023 22:57:54 +0000 (15:57 -0700)
committer	Damien Neil <dneil@google.com>
	Tue, 8 Aug 2023 23:10:58 +0000 (23:10 +0000)
commit	2d5ce9b729c0edded841301bd73d68d5e95aa28b
tree	11d113ee1e8e538124cdea6b2953c8eff3bf5e12	tree
parent	6e43407931ee4acc204620a9fae59c7903164901	commit \| diff

net/http: sanitize User-Agent header in request writer

Apply the same transformations to the User-Agent header value that we
do to other headers.

Avoids header and request smuggling in Request.Write and
Request.WriteProxy. RoundTrip already validates values in
Request.Header, and didn't allow bad User-Agent values to
make it as far as the request writer.

Fixes #61824

Change-Id: I360a915c7e08d014e0532bd5af196a5b59c89395
Reviewed-on: https://go-review.googlesource.com/c/go/+/516836
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

src/net/http/request.go		diff \| blob \| history
src/net/http/request_test.go		diff \| blob \| history