net/http: fix validHeaderValue yet again, excluding the DEL CTL byte

Third time's a charm. Thanks to Ralph Corderoy for noticing the DEL omission. Update #11207 Change-Id: I174fd01eaecceae1eb220f2c9136e12d40fbe943 Reviewed-on: https://go-review.googlesource.com/18375 Reviewed-by: Russ Cox <rsc@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
author: Brad Fitzpatrick <bradfitz@golang.org> 2016-01-08 18:30:04 +0000
committer: Brad Fitzpatrick <bradfitz@golang.org> 2016-01-08 19:01:32 +0000
commit: 39ad0fd0789872f9469167be7fe9578625ff246e (patch)
tree: 172bbbd29e5f8c209b2acb74623982c4ba12ca29 /src/net/http/request.go
parent: ecc01a7ddf626ffb3debcb851ee21bed8dded9a1 (diff)
download: go-39ad0fd0789872f9469167be7fe9578625ff246e.tar.xz
1 files changed, 17 insertions, 1 deletions
diff --git a/src/net/http/request.go b/src/net/http/request.go
index 1a6a97d4d7..c2f5f26a4c 100644
--- a/src/net/http/request.go
+++ b/src/net/http/request.go
@@ -1136,10 +1136,26 @@ func validHeaderName(v string) bool {
 	return strings.IndexFunc(v, isNotToken) == -1
 }
 
+// validHeaderValue reports whether v is a valid "field-value" according to
+// http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 :
+//
+//        message-header = field-name ":" [ field-value ]
+//        field-value    = *( field-content | LWS )
+//        field-content  = <the OCTETs making up the field-value
+//                         and consisting of either *TEXT or combinations
+//                         of token, separators, and quoted-string>
+//
+// http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2 :
+//
+//        TEXT           = <any OCTET except CTLs,
+//                          but including LWS>
+//        LWS            = [CRLF] 1*( SP | HT )
+//        CTL            = <any US-ASCII control character
+//                         (octets 0 - 31) and DEL (127)>
 func validHeaderValue(v string) bool {
 	for i := 0; i < len(v); i++ {
 		b := v[i]
-		if b < ' ' && b != '\t' {
+		if isCTL(b) && !isLWS(b) {
 			return false
 		}
 	}
author	Brad Fitzpatrick <bradfitz@golang.org>	2016-01-08 18:30:04 +0000
committer	Brad Fitzpatrick <bradfitz@golang.org>	2016-01-08 19:01:32 +0000
commit	39ad0fd0789872f9469167be7fe9578625ff246e (patch)
tree	172bbbd29e5f8c209b2acb74623982c4ba12ca29 /src/net/http/request.go
parent	ecc01a7ddf626ffb3debcb851ee21bed8dded9a1 (diff)
download	go-39ad0fd0789872f9469167be7fe9578625ff246e.tar.xz