golang/0066-release-branch.go1.17-net-http-don-t-strip-whitespac.patch

From f1da2608e141b54e7c1791220c3493a36863c651 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Wed, 1 Jun 2022 11:17:07 -0700
Subject: [PATCH 03/10] [release-branch.go1.17] net/http: don't strip
 whitespace from Transfer-Encoding headers

Do not accept "Transfer-Encoding: \rchunked" as a valid TE header
setting chunked encoding.

Thanks to Zeyu Zhang (https://www.zeyu2001.com/) for identifying
the issue.

For #53188
For CVE-2022-1705
Fixes #53432

Change-Id: I1a16631425159267f2eca68056b057192a7edf6c
Reviewed-on: https://go-review.googlesource.com/c/go/+/409874
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit e5017a93fcde94f09836200bca55324af037ee5f)
Reviewed-on: https://go-review.googlesource.com/c/go/+/415217
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

Conflict: src/net/http/transfer.go
Reference: https://go-review.googlesource.com/c/go/+/415217
---
 src/net/http/serve_test.go | 1 +
 src/net/http/transfer.go   | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
index 5f569327782..c3f33a5e403 100644
--- a/src/net/http/serve_test.go
+++ b/src/net/http/serve_test.go
@@ -6151,6 +6151,7 @@ func TestUnsupportedTransferEncodingsReturn501(t *testing.T) {
 		"fugazi",
 		"foo-bar",
 		"unknown",
+		"\rchunked",
 	}
 
 	for _, badTE := range unsupportedTEs {
diff --git a/src/net/http/transfer.go b/src/net/http/transfer.go
index 50d434b1fb0..75ca7eda294 100644
--- a/src/net/http/transfer.go
+++ b/src/net/http/transfer.go
@@ -629,7 +629,7 @@ func (t *transferReader) parseTransferEncoding() error {
 	if len(raw) != 1 {
 		return &unsupportedTEError{fmt.Sprintf("too many transfer encodings: %q", raw)}
 	}
-	if strings.ToLower(textproto.TrimString(raw[0])) != "chunked" {
+	if strings.ToLower(raw[0]) != "chunked" {
 		return &unsupportedTEError{fmt.Sprintf("unsupported transfer encoding: %q", raw[0])}
 	}
 
-- 
2.30.2