From: Filippo Valsorda Date: Thu, 9 Dec 2021 11:32:14 +0000 (-0500) Subject: CVE-2021-44716 X-Git-Tag: archive/raspbian/1.15.15-1_deb11u4+rpi1^2~6 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c7a99fd414f35ed5652c412881f89e8783346922;p=golang-1.15.git CVE-2021-44716 Origin: backport, https://github.com/golang/go/commit/48d94896 Gbp-Pq: Name 0010-CVE-2021-44716.patch
---
diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go
index 3d830847..06f8808d 100644
--- a/src/net/http/h2_bundle.go
+++ b/src/net/http/h2_bundle.go
@@ -4289,7 +4289,15 @@ func (sc *http2serverConn) canonicalHeader(v string) string {
 sc.canonHeader = make(map[string]string)
 }
 cv = CanonicalHeaderKey(v)
- sc.canonHeader[v] = cv
+ // maxCachedCanonicalHeaders is an arbitrarily-chosen limit on the number of
+ // entries in the canonHeader cache. This should be larger than the number
+ // of unique, uncommon header keys likely to be sent by the peer, while not
+ // so high as to permit unreaasonable memory usage if the peer sends an unbounded
+ // number of unique header keys.
+ const maxCachedCanonicalHeaders = 32
+ if len(sc.canonHeader) < maxCachedCanonicalHeaders {
+ sc.canonHeader[v] = cv
+ }
 return cv
 }
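Review bot: The new guard in `canonicalHeader` caps the cache at 32 entries but not at any byte size, so each connection can still retain up to 32 times the longest header key it accepts (the key plus its canonical copy), and whatever limits key length is outside this hunk. A byte budget would bound the memory directly: keep a running total on the connection and admit an entry only while it fits, e.g. `if sc.canonHeaderBytes+len(v)+len(cv) <= maxCachedCanonicalHeaderBytes {` followed by `sc.canonHeaderBytes += len(v) + len(cv)` (both names are new and would need a field on `http2serverConn`). Once the cache is full nothing is evicted, so every later uncommon key is re-canonicalized by `CanonicalHeaderKey` on each use for the rest of the connection; the comment should say so, e.g. `// When the cache is full, new keys are canonicalized on every call and never cached.` The function's opening lines, including the cache lookup, are outside the hunk, and the added comment misspells `unreaasonable`.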