Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http2: omit invalid header value from error message #115

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion http2/errors.go
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ func (e headerFieldNameError) Error() string {
type headerFieldValueError string

func (e headerFieldValueError) Error() string {
return fmt.Sprintf("invalid header field value %q", string(e))
return fmt.Sprintf("invalid header field value for %q", string(e))
}

var (
Expand Down
3 changes: 2 additions & 1 deletion http2/frame.go
Original file line number Diff line number Diff line change
Expand Up @@ -1532,7 +1532,8 @@ func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) {
fr.debugReadLoggerf("http2: decoded hpack field %+v", hf)
}
if !httpguts.ValidHeaderFieldValue(hf.Value) {
invalid = headerFieldValueError(hf.Value)
// Don't include the value in the error, because it may be sensitive.
invalid = headerFieldValueError(hf.Name)
}
isPseudo := strings.HasPrefix(hf.Name, ":")
if isPseudo {
Expand Down
2 changes: 1 addition & 1 deletion http2/frame_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1068,7 +1068,7 @@ func TestMetaFrameHeader(t *testing.T) {
name: "invalid_field_value",
w: func(f *Framer) { write(f, encodeHeaderRaw(t, "key", "bad_null\x00")) },
want: streamError(1, ErrCodeProtocol),
wantErrReason: "invalid header field value \"bad_null\\x00\"",
wantErrReason: `invalid header field value for "key"`,
},
}
for i, tt := range tests {
Expand Down
3 changes: 2 additions & 1 deletion http2/transport.go
Original file line number Diff line number Diff line change
Expand Up @@ -1699,7 +1699,8 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
}
for _, v := range vv {
if !httpguts.ValidHeaderFieldValue(v) {
return nil, fmt.Errorf("invalid HTTP header value %q for header %q", v, k)
// Don't include the value in the error, because it may be sensitive.
return nil, fmt.Errorf("invalid HTTP header value for header %q", k)
}
}
}
Expand Down
4 changes: 2 additions & 2 deletions http2/transport_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1473,7 +1473,7 @@ func TestTransportInvalidTrailer_EmptyFieldName(t *testing.T) {
})
}
func TestTransportInvalidTrailer_BinaryFieldValue(t *testing.T) {
testInvalidTrailer(t, oneHeader, headerFieldValueError("has\nnewline"), func(enc *hpack.Encoder) {
testInvalidTrailer(t, oneHeader, headerFieldValueError("x"), func(enc *hpack.Encoder) {
enc.WriteField(hpack.HeaderField{Name: "x", Value: "has\nnewline"})
})
}
Expand Down Expand Up @@ -2437,7 +2437,7 @@ func TestTransportFailsOnInvalidHeaders(t *testing.T) {
},
3: {
h: http.Header{"foo": {"foo\x01bar"}},
wantErr: `invalid HTTP header value "foo\x01bar" for header "foo"`,
wantErr: `invalid HTTP header value for header "foo"`,
},
}

Expand Down