1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
From efb465ada003d23353a91ef930be408eb575dba6 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Thu, 16 Jun 2022 17:40:12 +0530
Subject: [PATCH] CVE-2021-31525
Upstream-Status: Backport [https://github.com/argoheyard/lang-net/commit/701957006ef151feb43f86aa99c8a1f474f69282]
CVE: CVE-2021-31525
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
src/vendor/golang.org/x/net/http/httpguts/httplex.go | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/vendor/golang.org/x/net/http/httpguts/httplex.go b/src/vendor/golang.org/x/net/http/httpguts/httplex.go
index e7de24e..c79aa73 100644
--- a/src/vendor/golang.org/x/net/http/httpguts/httplex.go
+++ b/src/vendor/golang.org/x/net/http/httpguts/httplex.go
@@ -137,11 +137,13 @@ func trimOWS(x string) string {
// contains token amongst its comma-separated tokens, ASCII
// case-insensitively.
func headerValueContainsToken(v string, token string) bool {
- v = trimOWS(v)
- if comma := strings.IndexByte(v, ','); comma != -1 {
- return tokenEqual(trimOWS(v[:comma]), token) || headerValueContainsToken(v[comma+1:], token)
+ for comma := strings.IndexByte(v, ','); comma != -1; comma = strings.IndexByte(v, ',') {
+ if tokenEqual(trimOWS(v[:comma]), token) {
+ return true
+ }
+ v = v[comma+1:]
}
- return tokenEqual(v, token)
+ return tokenEqual(trimOWS(v), token)
}
// lowerASCII returns the ASCII lowercase version of b.
--
2.25.1
|
