Auto merge of #12468 - arlosi:http-debug-crash, r=weihanglo

Fix panic when enabling http.debug for certain strings Fixes an issue where enabling HTTP debugging may attempt to slice a string across a character boundary resulting in a panic. This likely occurs when binary HTTP data happens to be valid UTF-8. By interpreting the strings as `&[u8]` before slicing, (which is what `eq_ignore_ascii_case` did internally anyway), the panic is no longer possible. Closes #12459 r? `@weihanglo`
rust-lang · Aug 9, 2023 · 1d43be1 · 1d43be1
2 parents 2b3554f + 13f1da9
commit 1d43be1
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/cargo/util/network/http.rs b/src/cargo/util/network/http.rs
@@ -152,6 +152,8 @@ pub fn configure_http_handle(config: &Config, handle: &mut Easy) -> CargoResult<
                 _ => return,
             };
             let starts_with_ignore_case = |line: &str, text: &str| -> bool {
+                let line = line.as_bytes();
+                let text = text.as_bytes();
                 line[..line.len().min(text.len())].eq_ignore_ascii_case(text)
             };
             match str::from_utf8(data) {