From b1898d2033514b782bddb3f42365dde784161747 Mon Sep 17 00:00:00 2001
From: Luke Young <bored-engineer@users.noreply.github.com>
Date: Sat, 19 Oct 2019 17:50:36 -0700
Subject: [PATCH 1/2] Ensure request body is closed when method is invalid

Fixes a bug where request bodies are not closed when an invalid method name is provided
---
 src/net/http/transport.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/net/http/transport.go b/src/net/http/transport.go
index af48eaa9f0568b..bd9717ea1501e4 100644
--- a/src/net/http/transport.go
+++ b/src/net/http/transport.go
@@ -492,6 +492,7 @@ func (t *Transport) roundTrip(req *Request) (*Response, error) {
 		return nil, &badStringError{"unsupported protocol scheme", scheme}
 	}
 	if req.Method != "" && !validMethod(req.Method) {
+		req.closeBody()
 		return nil, fmt.Errorf("net/http: invalid method %q", req.Method)
 	}
 	if req.URL.Host == "" {

From 4bfc56e71660ad9624ac5eb594b3afd0d221c99d Mon Sep 17 00:00:00 2001
From: Luke Young <bored-engineer@users.noreply.github.com>
Date: Sat, 19 Oct 2019 22:53:15 -0700
Subject: [PATCH 2/2] net/http: make Transport fail tests if request body is
 not closed when using invalid method

---
 src/net/http/transport_test.go | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
index d7eef0d94cc51b..0fe1283d97e8af 100644
--- a/src/net/http/transport_test.go
+++ b/src/net/http/transport_test.go
@@ -5719,3 +5719,32 @@ func TestInvalidHeaderResponse(t *testing.T) {
 		t.Errorf(`bad "Foo " header value: %q, want %q`, v, "bar")
 	}
 }
+
+type bodyCloser bool
+
+func (bc *bodyCloser) Close() error {
+	*bc = true
+	return nil
+}
+func (bc *bodyCloser) Read(b []byte) (n int, err error) {
+	return 0, io.EOF
+}
+
+func TestInvalidMethodClosesBody(t *testing.T) {
+	cst := httptest.NewServer(HandlerFunc(func(w ResponseWriter, r *Request) {}))
+	defer cst.Close()
+	var bc bodyCloser
+	u, _ := url.Parse(cst.URL)
+	req := &Request{
+		Method: " ",
+		URL:    u,
+		Body:   &bc,
+	}
+	_, err := DefaultClient.Do(req)
+	if err == nil {
+		t.Fatal("Expected an error")
+	}
+	if !bc {
+		t.Fatal("Expected body to have been closed")
+	}
+}