golang/0005-release-branch.go1.17-net-http-preserve-nil-values-i.patch

From 67bff2eb995a098f838fa4b799c0b8261292e6e7 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Fri, 17 Jun 2022 10:09:45 -0700
Subject: [PATCH 01/11] [release-branch.go1.17] net/http: preserve nil values
 in Header.Clone

ReverseProxy makes a distinction between nil and zero-length header values.
Avoid losing nil-ness when cloning a request.

Thanks to Christian Mehlmauer for discovering this.

For #53423
For CVE-2022-32148
Fixes #53620

Change-Id: Ice369cdb4712e2d62e25bb881b080847aa4801f5
Reviewed-on: https://go-review.googlesource.com/c/go/+/412857
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a)
Reviewed-on: https://go-review.googlesource.com/c/go/+/415221
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>

Conflict: NA
Reference: https://go-review.googlesource.com/c/go/+/415221
---
 src/net/http/header.go      | 6 ++++++
 src/net/http/header_test.go | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/src/net/http/header.go b/src/net/http/header.go
index 4c72dcb2c88..ef4ee7ffa81 100644
--- a/src/net/http/header.go
+++ b/src/net/http/header.go
@@ -101,6 +101,12 @@ func (h Header) Clone() Header {
 	sv := make([]string, nv) // shared backing array for headers' values
 	h2 := make(Header, len(h))
 	for k, vv := range h {
+		if vv == nil {
+			// Preserve nil values. ReverseProxy distinguishes
+			// between nil and zero-length header values.
+			h2[k] = nil
+			continue
+		}
 		n := copy(sv, vv)
 		h2[k] = sv[:n:n]
 		sv = sv[n:]
diff --git a/src/net/http/header_test.go b/src/net/http/header_test.go
index 47893629194..80c003551db 100644
--- a/src/net/http/header_test.go
+++ b/src/net/http/header_test.go
@@ -235,6 +235,11 @@ func TestCloneOrMakeHeader(t *testing.T) {
 			in:   Header{"foo": {"bar"}},
 			want: Header{"foo": {"bar"}},
 		},
+		{
+			name: "nil value",
+			in:   Header{"foo": nil},
+			want: Header{"foo": nil},
+		},
 	}
 
 	for _, tt := range tests {
-- 
2.30.2