Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http: http2 round tripper nil pointer dereference causes panic causing deadlock [1.21 backport] #66254

Closed
gopherbot opened this issue Mar 11, 2024 · 4 comments
Closed

net/http: http2 round tripper nil pointer dereference causes panic causing deadlock [1.21 backport] #66254

gopherbot opened this issue Mar 11, 2024 · 4 comments
Labels
CherryPickApproved Used during the release process for point releases
Milestone
Go1.21.9

Comments

@gopherbot
Copy link

@neild requested issue #65927 to be considered for backport to the next 1.21 minor release.

@niallnsec Thanks, that gives me some added confidence that we've correctly identified the root cause.

Historically, we haven't backported HTTP/2 fixes that can be applied by importing golang.org/x/net/http2 and using ConfigureServer to swap out the bundled implementation. I think that for clear bugs with no workaround short of using an entirely different package, we should be a bit more aggressive about backports, though, so:

@gopherbot please open backport issues. This is an HTTP/2 bug with no good workaround.
@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Mar 11, 2024
@gopherbot gopherbot mentioned this issue Mar 11, 2024
Closed
@gopherbot gopherbot added this to the Go1.21.9 milestone Mar 11, 2024
@dr2chase dr2chase added the CherryPickApproved Used during the release process for point releases label Mar 20, 2024
@gopherbot gopherbot removed the CherryPickCandidate Used during the release process for point releases label Mar 20, 2024
@thanm
Copy link
Contributor

thanm commented Mar 26, 2024

Checking in on this issue (wearing my release interrupts hat) -- I see the CherryPickApproved label but don't see a cherrypick CL. @neild if I can be of help let me know.

@gopherbot
Copy link
Author

Change https://go.dev/cl/574855 mentions this issue: http2: reject DATA frames after 1xx and before final headers

gopherbot pushed a commit to golang/net that referenced this issue Mar 27, 2024
@neild @gopherbot
[internal-branch.go1.21-vendor] http2: reject DATA frames after 1xx a…
1a2eef3 
…nd before final headers

When checking to see if a DATA frame can be accepted, check to
see if we have received a non-1xx header, not whether we have
received any header.

For golang/go#65927
Fixes golang/go#66254

Change-Id: Id4fae1862de6179f8fc95e02dec7d4c47a7640e1
Reviewed-on: https://go-review.googlesource.com/c/net/+/567175
Reviewed-by: Jonathan Amsterdam <jba@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-on: https://go-review.googlesource.com/c/net/+/574855
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
@gopherbot
Copy link
Author

Change https://go.dev/cl/574916 mentions this issue: [release-branch.go1.21] all: update golang.org/x/net

@gopherbot
Copy link
Author

Closed by merging 30d8550 to release-branch.go1.21.

gopherbot pushed a commit that referenced this issue Mar 28, 2024
@neild @thanm
[release-branch.go1.21] all: update golang.org/x/net
30d8550 
Pulls in one HTTP/2 fix:

	0b0455d2c9 http2: reject DATA frames after 1xx and before final headers

For #65927
Fixes #66254

Change-Id: I257b2634f63e8c6039c44dea24c345043c23c8d2
Reviewed-on: https://go-review.googlesource.com/c/go/+/574916
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
bassosimone pushed a commit to ooni/oohttp that referenced this issue Apr 8, 2024
@neild @thanm
[release-branch.go1.21] all: update golang.org/x/net
31d3759 
Pulls in one HTTP/2 fix:

	0b0455d2c9 http2: reject DATA frames after 1xx and before final headers

For golang/go#65927
Fixes golang/go#66254

Change-Id: I257b2634f63e8c6039c44dea24c345043c23c8d2
Reviewed-on: https://go-review.googlesource.com/c/go/+/574916
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CherryPickApproved Used during the release process for point releases
Projects
None yet
Milestone
Go1.21.9
Development

No branches or pull requests
3 participants
@dr2chase @gopherbot @thanm