Commit - go-fedora - e434185ec16b3783629bcb364b9a350706df7c1e

go-fedora

`e434185` [release-branch.go1.13-security] net/http: synchronize "100 Continue" write and Handler writes

1 file Authored by Russ Cox 3 years ago, Committed by Katie Hockman 3 years ago,

raw patch tree parent

1 file changed. 36 lines added. 7 lines removed.

    [release-branch.go1.13-security] net/http: synchronize "100 Continue" write and Handler writes
    
    The expectContinueReader writes to the connection on the first
    Request.Body read. Since a Handler might be doing a read in parallel or
    before a write, expectContinueReader needs to synchronize with the
    ResponseWriter, and abort if a response already went out.
    
    The tests will land in a separate CL.
    
    Fixes #34902
    Fixes CVE-2020-15586
    
    Change-Id: Icdd8dd539f45e8863762bd378194bb4741e875fc
    Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/793350
    Reviewed-by: Filippo Valsorda <valsorda@google.com>
    (cherry picked from commit b5e504f4a07c572744b228fa1b10e3989c4c44f3)
    Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/793499

src/net/http/server.go

file modified

+36 -7

go-fedora

Source Code

e434185 [release-branch.go1.13-security] net/http: synchronize "100 Continue" write and Handler writes

1 file Authored by Russ Cox 3 years ago, Committed by Katie Hockman 3 years ago,

`e434185` [release-branch.go1.13-security] net/http: synchronize "100 Continue" write and Handler writes