From 03bccc9aa2a29a03f5a65d56b0ceaace4a66a0d5 Mon Sep 17 00:00:00 2001
From: rpm-build
Date: Sat, 11 May 2024 10:33:04 +0800
Subject: [PATCH] fix CVE-2023-29406
---
 vendor/golang.org/x/net/http2/transport.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go
index 4f09897..e1bb430 100644
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@@ -1739,6 +1739,9 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
 if err != nil {
 return nil, err
 }
+ if !httpguts.ValidHostHeader(host) {
+ return nil, errors.New("http: invalid Host header")
+ }
 var path string
 if req.Method != "CONNECT" {
-- 
2.33.0
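Review bot: The added guard in `encodeHeaders` calls `httpguts.ValidHostHeader`, but the diffstat shows only `transport.go` changed. The vendored `golang.org/x/net/http/httpguts` copy therefore has to export that function already, and `errors` has to be imported in this file already, or the build breaks; neither is visible here, so both are worth confirming against the vendored tree. The check also covers only the HTTP/2 client path, so if the package uses the standard library's HTTP/1 client as well, the Host header fix for CVE-2023-29406 presumably still has to come from the Go toolchain used for the build. A one-line comment above the check would record why it exists, for example `// Reject Host values that are not valid header content (CVE-2023-29406).` The body of `encodeHeaders` begins and continues outside the hunk.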