Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http: http2 round tripper nil pointer dereference causes panic causing deadlock [1.22 backport] #66255

Closed
gopherbot opened this issue Mar 11, 2024 · 6 comments
Closed

net/http: http2 round tripper nil pointer dereference causes panic causing deadlock [1.22 backport] #66255

gopherbot opened this issue Mar 11, 2024 · 6 comments
Labels
CherryPickApproved Used during the release process for point releases
Milestone
Go1.22.2

Comments

@gopherbot
Copy link

@neild requested issue #65927 to be considered for backport to the next 1.22 minor release.

@niallnsec Thanks, that gives me some added confidence that we've correctly identified the root cause.

Historically, we haven't backported HTTP/2 fixes that can be applied by importing golang.org/x/net/http2 and using ConfigureServer to swap out the bundled implementation. I think that for clear bugs with no workaround short of using an entirely different package, we should be a bit more aggressive about backports, though, so:

@gopherbot please open backport issues. This is an HTTP/2 bug with no good workaround.
@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Mar 11, 2024
@gopherbot gopherbot mentioned this issue Mar 11, 2024
Closed
@gopherbot gopherbot added this to the Go1.22.2 milestone Mar 11, 2024
@dr2chase dr2chase added the CherryPickApproved Used during the release process for point releases label Mar 20, 2024
@gopherbot gopherbot removed the CherryPickCandidate Used during the release process for point releases label Mar 20, 2024
@thanm
Copy link
Contributor

thanm commented Mar 26, 2024

Checking in on this issue (wearing my release interrupts hat) -- I see the CherryPickApproved label but don't see a cherrypick CL. @neild if I can be of help let me know.

@neild
Copy link
Contributor

neild commented Mar 26, 2024

The x/net repo doesn't have an internal-branch.go1.22-vendor branch created yet, so I haven't been able to create the cherrypick CL.

@thanm
Copy link
Contributor

thanm commented Mar 27, 2024

The x/net repo doesn't have an internal-branch.go1.22-vendor branch created yet, so I haven't been able to create the cherrypick CL.

internal-branch.go1.22-vendor should be set up at this point, thanks.

@gopherbot
Copy link
Author

Change https://go.dev/cl/574875 mentions this issue: [internal-branch.go1.22-vendor] http2: reject DATA frames after 1xx and before final headers

gopherbot pushed a commit to golang/net that referenced this issue Mar 27, 2024
@neild @gopherbot
[internal-branch.go1.22-vendor] http2: reject DATA frames after 1xx a…
ae3c50b 
…nd before final headers

When checking to see if a DATA frame can be accepted, check to
see if we have received a non-1xx header, not whether we have
received any header.

For golang/go#65927
Fixes golang/go#66255

Change-Id: Id4fae1862de6179f8fc95e02dec7d4c47a7640e1
Reviewed-on: https://go-review.googlesource.com/c/net/+/567175
Reviewed-by: Jonathan Amsterdam <jba@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-on: https://go-review.googlesource.com/c/net/+/574875
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
@gopherbot
Copy link
Author

Change https://go.dev/cl/574935 mentions this issue: [release-branch.go1.22] all: update golang.org/x/net

@gopherbot
Copy link
Author

Closed by merging 4edf4bb to release-branch.go1.22.

gopherbot pushed a commit that referenced this issue Mar 28, 2024
@neild @thanm
[release-branch.go1.22] all: update golang.org/x/net
4edf4bb 
Pulls in one HTTP/2 fix:

	ae3c50b55f http2: reject DATA frames after 1xx and before final headers

For #65927
Fixes #66255

Change-Id: Ib810455297083fc0722a997d0aa675132c38393c
Reviewed-on: https://go-review.googlesource.com/c/go/+/574935
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CherryPickApproved Used during the release process for point releases
Projects
None yet
Milestone
Go1.22.2
Development

No branches or pull requests
4 participants
@neild @dr2chase @gopherbot @thanm