vendor: golang.org/x/net v0.22.0, golang.org/x/crypto v0.21.0

full diffs changes relevant to vendored code: - https://github.com/golang/net/compare/v0.20.0...v0.22.0 - http2: remove suspicious uint32->v conversion in frame code - http2: send an error of FLOW_CONTROL_ERROR when exceed the maximum octets - https://github.com/golang/crypto/compare/v0.18.0...v0.21.0 - x/crypto/internal/poly1305: improve sum_ppc64le.s Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-07-09 21:17:09 +08:00 · 2024-04-10 17:14:09 +02:00
parent d347499112
commit fbddc9ebea
7 changed files with 36 additions and 26 deletions
--- a/vendor/golang.org/x/net/http2/frame.go
+++ b/vendor/golang.org/x/net/http2/frame.go
@ -1510,13 +1510,12 @@ func (mh *MetaHeadersFrame) checkPseudos() error {
 }

 func (fr *Framer) maxHeaderStringLen() int {
-	v := fr.maxHeaderListSize()
-	if uint32(int(v)) == v {
-		return int(v)
+	v := int(fr.maxHeaderListSize())
+	if v < 0 {
+		// If maxHeaderListSize overflows an int, use no limit (0).
+		return 0
 	}
-	// They had a crazy big number for MaxHeaderBytes anyway,
-	// so give them unlimited header lengths:
-	return 0
+	return v
 }

 // readMetaFrame returns 0 or more CONTINUATION frames from fr and