Skip to content

net/http/cgi: reject invalid header names [freeze exception] #38889

New issue
New issue
Closed
Closed
net/http/cgi: reject invalid header names [freeze exception]#38889
Labels
FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.release-blocker
Milestone
 
Go1.15
@FiloSottile

Description

@FiloSottile
FiloSottile
opened on May 5, 2020

While working on CL 231419, I noticed we trim spaces around the names of the headers generated by CGI programs. This is not as serious as #34540 because the CGI program output is presumably trusted, but CGI is such a generic interface that I'd feel better if we didn't do anything potentially risky like that.

I'd like to request a freeze exception to land CL 232277 this week.

/cc @andybons @rsc

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.release-blocker

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions