Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix data race in MITM'ed HTTPS request handling #509

Merged
merged 1 commit into from
Aug 8, 2023

Conversation

WGH-
Copy link
Contributor

@WGH- WGH- commented Jul 26, 2023

This data race requires quite of few conditions to appear.

  1. The transport has to have HTTP/2 enabled (in goproxy, it's not by default).
  2. The target server must be an HTTP/2 one.
  3. The request must have a body.
  4. The server must return certain erroneus HTTP status code.
  5. The client must ignore Connection: close header from the proxy
    (4ec7933).

Somehow, I managed to hit all these conditions, and got this error:

panic: runtime error: slice bounds out of range [96:48]

goroutine 341699 [running]:
bufio.(*Reader).ReadSlice(0xc000b0c1e0, 0x80?)
    /usr/local/go/src/bufio/bufio.go:347 +0x225
bufio.(*Reader).ReadLine(0xc000b0c1e0)
    /usr/local/go/src/bufio/bufio.go:401 +0x27
net/textproto.(*Reader).readLineSlice(0xc0013400f0)
    /usr/local/go/src/net/textproto/reader.go:56 +0x99
net/textproto.(*Reader).ReadLine(...)
    /usr/local/go/src/net/textproto/reader.go:39
net/http.readRequest(0xc000847d40?)
    /usr/local/go/src/net/http/request.go:1042 +0xba
net/http.ReadRequest(0xc000b0c1e0?)
    /usr/local/go/src/net/http/request.go:1025 +0x19
github.com/elazarl/goproxy.(*ProxyHttpServer).handleHttps.func2()
    /root/go/pkg/mod/github.com/elazarl/goproxy@v0.0.0-20220901064549-fbd10ff4f5a1/https.go:221 +0x3db
created by github.com/elazarl/goproxy.(*ProxyHttpServer).handleHttps
    /root/go/pkg/mod/github.com/elazarl/goproxy@v0.0.0-20220901064549-fbd10ff4f5a1/https.go:211 +0x611

Despite 5), goproxy should not break from non-compliant HTTP clients, and "Connection: close" is more like of an accidental fix.

See also golang/go#61596 (comment)

@elazarl
Copy link
Owner

elazarl commented Jul 31, 2023

@WGH- can you please rebase?

This data race requires quite of few conditions to appear.

1) The transport has to have HTTP/2 enabled (in goproxy, it's not by default).
2) The target server must be an HTTP/2 one.
3) The request must have a body.
4) The server must return certain erroneus HTTP status code.
5) The client must ignore Connection: close header from the proxy
   (4ec7933).

Somehow, I managed to hit all these conditions, and got this error:

    panic: runtime error: slice bounds out of range [96:48]

    goroutine 341699 [running]:
    bufio.(*Reader).ReadSlice(0xc000b0c1e0, 0x80?)
        /usr/local/go/src/bufio/bufio.go:347 +0x225
    bufio.(*Reader).ReadLine(0xc000b0c1e0)
        /usr/local/go/src/bufio/bufio.go:401 +0x27
    net/textproto.(*Reader).readLineSlice(0xc0013400f0)
        /usr/local/go/src/net/textproto/reader.go:56 +0x99
    net/textproto.(*Reader).ReadLine(...)
        /usr/local/go/src/net/textproto/reader.go:39
    net/http.readRequest(0xc000847d40?)
        /usr/local/go/src/net/http/request.go:1042 +0xba
    net/http.ReadRequest(0xc000b0c1e0?)
        /usr/local/go/src/net/http/request.go:1025 +0x19
    github.com/elazarl/goproxy.(*ProxyHttpServer).handleHttps.func2()
        /root/go/pkg/mod/github.com/elazarl/goproxy@v0.0.0-20220901064549-fbd10ff4f5a1/https.go:221 +0x3db
    created by github.com/elazarl/goproxy.(*ProxyHttpServer).handleHttps
        /root/go/pkg/mod/github.com/elazarl/goproxy@v0.0.0-20220901064549-fbd10ff4f5a1/https.go:211 +0x611

Despite 5), goproxy should not break from non-compliant HTTP clients,
and "Connection: close" is more like of an accidental fix.

See also golang/go#61596 (comment)
@WGH- WGH- force-pushed the fix-request-body-race branch from a83dba5 to 5462f01 Compare August 8, 2023 12:33
@WGH-
Copy link
Contributor Author

WGH- commented Aug 8, 2023

Done!

BTW, I tried to write a regression test for it, but it turned out to be quite complicated (given Connection: close and all). So I gave up.

@elazarl elazarl merged commit 2592e75 into elazarl:master Aug 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants