Skip to content

Commit

Permalink
Fix panic while reading invalid trailers
Browse files Browse the repository at this point in the history
  • Loading branch information
erikdubbelboer committed Mar 1, 2022
1 parent 856ca8e commit 1116d03
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
4 changes: 4 additions & 0 deletions header.go
Original file line number Diff line number Diff line change
Expand Up @@ -2442,6 +2442,10 @@ func (h *RequestHeader) parseTrailer(buf []byte) (int, error) {
}

func isBadTrailer(key []byte) bool {
if len(key) == 0 {
return true
}

switch key[0] | 0x20 {
case 'a':
return caseInsensitiveCompare(key, strAuthorization)
Expand Down
3 changes: 3 additions & 0 deletions http_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@ func TestInvalidTrailers(t *testing.T) {
if err := (&Response{}).Read(bufio.NewReader(bytes.NewReader([]byte{0x54, 0x52, 0x61, 0x49, 0x4c, 0x65, 0x52, 0x3a, 0x2c, 0x0a, 0x0a}))); !strings.Contains(err.Error(), "cannot find whitespace in the first line of response") {
t.Fatal(err)
}
if err := (&Request{}).Read(bufio.NewReader(bytes.NewReader([]byte{0xff, 0x20, 0x0a, 0x54, 0x52, 0x61, 0x49, 0x4c, 0x65, 0x52, 0x3a, 0x2c, 0x0a, 0x0a}))); !strings.Contains(err.Error(), "contain forbidden trailer") {
t.Fatal(err)
}

b, _ := base64.StdEncoding.DecodeString("tCAKIDoKCToKICAKCToKICAKCToKIAogOgoJOgogIAoJOgovIC8vOi4KOh0KVFJhSUxlUjo9HT09HQpUUmFJTGVSOicQAApUUmFJTGVSOj0gHSAKCT09HQoKOgoKCgo=")
if err := (&Request{}).Read(bufio.NewReader(bytes.NewReader(b))); !strings.Contains(err.Error(), "error when reading request headers: invalid header key") {
Expand Down

0 comments on commit 1116d03

Please sign in to comment.