From: Katie Hockman Date: Wed, 28 Apr 2021 18:47:48 +0000 (-0400) Subject: [PATCH] [release-branch.go1.15] std: update golang.org/x/net to 20210428183841-261fb5... X-Git-Tag: archive/raspbian/1.15.9-5+rpi1^2~6 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4c0ac1a3a1ee25e8eb84f03d425c5eb83e6a7c31;p=golang-1.15.git [PATCH] [release-branch.go1.15] std: update golang.org/x/net to 20210428183841-261fb518b1ed Steps: go get -d golang.org/x/net@release-branch.go1.15 go mod tidy go mod vendor This http2 bundle does not need to be updated. Fixes #45711 Change-Id: I085ca592dfc8d5d9c328a7979142e88e7130a813 Reviewed-on: https://go-review.googlesource.com/c/go/+/314790 Trust: Katie Hockman Run-TryBot: Katie Hockman Reviewed-by: Dmitri Shuralyov Gbp-Pq: Name 0007-CVE-2021-31525.patch
---
diff --git a/src/vendor/golang.org/x/net/http/httpguts/httplex.go b/src/vendor/golang.org/x/net/http/httpguts/httplex.go
index e7de24ee..c79aa73f 100644
--- a/src/vendor/golang.org/x/net/http/httpguts/httplex.go
+++ b/src/vendor/golang.org/x/net/http/httpguts/httplex.go
@@ -137,11 +137,13 @@ func trimOWS(x string) string {
 // contains token amongst its comma-separated tokens, ASCII
 // case-insensitively.
 func headerValueContainsToken(v string, token string) bool {
- v = trimOWS(v)
- if comma := strings.IndexByte(v, ','); comma != -1 {
- return tokenEqual(trimOWS(v[:comma]), token) || headerValueContainsToken(v[comma+1:], token)
+ for comma := strings.IndexByte(v, ','); comma != -1; comma = strings.IndexByte(v, ',') {
+ if tokenEqual(trimOWS(v[:comma]), token) {
+ return true
+ }
+ v = v[comma+1:]
 }
- return tokenEqual(v, token)
+ return tokenEqual(trimOWS(v), token)
 }
 
 // lowerASCII returns the ASCII lowercase version of b.