golang
diff --git a/‎http2/transport.go
Copy file name to clipboardExpand all lines: http2/transport.go
+22-11Lines changed: 22 additions & 11 deletions b/‎http2/transport.go
Copy file name to clipboardExpand all lines: http2/transport.go
+22-11Lines changed: 22 additions & 11 deletions
diff --git a/‎http2/transport_test.go
Copy file name to clipboardExpand all lines: http2/transport_test.go
+12-1Lines changed: 12 additions & 1 deletion b/‎http2/transport_test.go
Copy file name to clipboardExpand all lines: http2/transport_test.go
+12-1Lines changed: 12 additions & 1 deletion
@@ -2019,6 +2019,22 @@ func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error)
 	}
 }
 
+func validateHeaders(hdrs http.Header) string {
+	for k, vv := range hdrs {
+		if !httpguts.ValidHeaderFieldName(k) {
+			return fmt.Sprintf("name %q", k)
+		}
+		for _, v := range vv {
+			if !httpguts.ValidHeaderFieldValue(v) {
+				// Don't include the value in the error,
+				// because it may be sensitive.
+				return fmt.Sprintf("value for header %q", k)
+			}
+		}
+	}
+	return ""
+}
+
 var errNilRequestURL = errors.New("http2: Request.URI is nil")
 
 // requires cc.wmu be held.
@@ -2056,19 +2072,14 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail
 		}
 	}
 
-	// Check for any invalid headers and return an error before we
+	// Check for any invalid headers+trailers and return an error before we
 	// potentially pollute our hpack state. (We want to be able to
 	// continue to reuse the hpack encoder for future requests)
-	for k, vv := range req.Header {
-		if !httpguts.ValidHeaderFieldName(k) {
-			return nil, fmt.Errorf("invalid HTTP header name %q", k)
-		}
-		for _, v := range vv {
-			if !httpguts.ValidHeaderFieldValue(v) {
-				// Don't include the value in the error, because it may be sensitive.
-				return nil, fmt.Errorf("invalid HTTP header value for header %q", k)
-			}
-		}
+	if err := validateHeaders(req.Header); err != "" {
+		return nil, fmt.Errorf("invalid HTTP header %s", err)
+	}
+	if err := validateHeaders(req.Trailer); err != "" {
+		return nil, fmt.Errorf("invalid HTTP trailer %s", err)
 	}
 
 	enumerateHeaders := func(f func(name, value string)) {
 
@@ -2290,7 +2290,8 @@ func TestTransportRejectsContentLengthWithSign(t *testing.T) {
 }
 
 // golang.org/issue/14048
-func TestTransportFailsOnInvalidHeaders(t *testing.T) {
+// golang.org/issue/64766
+func TestTransportFailsOnInvalidHeadersAndTrailers(t *testing.T) {
 	st := newServerTester(t, func(w http.ResponseWriter, r *http.Request) {
 		var got []string
 		for k := range r.Header {
@@ -2303,6 +2304,7 @@ func TestTransportFailsOnInvalidHeaders(t *testing.T) {
 
 	tests := [...]struct {
 		h       http.Header
+		t       http.Header
 		wantErr string
 	}{
 		0: {
@@ -2321,6 +2323,14 @@ func TestTransportFailsOnInvalidHeaders(t *testing.T) {
 			h:       http.Header{"foo": {"foo\x01bar"}},
 			wantErr: `invalid HTTP header value for header "foo"`,
 		},
+		4: {
+			t:       http.Header{"foo": {"foo\x01bar"}},
+			wantErr: `invalid HTTP trailer value for header "foo"`,
+		},
+		5: {
+			t:       http.Header{"x-\r\nda": {"foo\x01bar"}},
+			wantErr: `invalid HTTP trailer name "x-\r\nda"`,
+		},
 	}
 
 	tr := &Transport{TLSClientConfig: tlsConfigInsecure}
@@ -2329,6 +2339,7 @@ func TestTransportFailsOnInvalidHeaders(t *testing.T) {
 	for i, tt := range tests {
 		req, _ := http.NewRequest("GET", st.ts.URL, nil)
 		req.Header = tt.h
+		req.Trailer = tt.t
 		res, err := tr.RoundTrip(req)
 		var bad bool
 		if tt.wantErr == "" {