net/http: ReadRequest can stack overflow [1.16 backport]

[gopherbot]

@katiehockman requested issue #45710 to be considered for backport to the next 1.16 minor release.

@gopherbot please consider this for backport to 1.16.4 and 1.15.12, it's a security issue.

[dmitshur]

Approved as this is a security fix. This backport applies to both 1.16 (this issue) and 1.15 (#45711).

[gopherbot]

Change https://golang.org/cl/314649 mentions this issue: [internal-branch.go1.16-vendor

[gopherbot]

Change https://golang.org/cl/314789 mentions this issue: [release-branch.go1.16] std: update golang.org/x/net to 20210428183300-3f4a416c7d3b

[gopherbot]

Closed by merging d4adea2 to release-branch.go1.16.