Skip to content

Commit

Permalink
Fix panic in header parser
Browse files Browse the repository at this point in the history
  • Loading branch information
@erikdubbelboer
erikdubbelboer committed Dec 14, 2019
1 parent fd55658 commit 415e5fc
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 1 deletion.
16 changes: 15 additions & 1 deletion header.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2229,9 +2229,23 @@ func normalizeHeaderValue(ov, ob []byte, headerLength int) (nv, nb []byte, nhl i
nv[write] = c
write++
}

nv = nv[:write]
copy(ob[write:], ob[write+shrunk:])
nb = ob[write+2 : len(ob)-shrunk]

// Check if we need to skip \r\n or just \n
skip := 0
if ob[write] == '\r' {
if ob[write+1] == '\n' {
skip += 2
} else {
skip++
}
} else if ob[write] == '\n' {
skip++
}

nb = ob[write+skip : len(ob)-shrunk]
nhl = headerLength - shrunk
return
}
Expand Down
8 changes: 8 additions & 0 deletions header_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package fasthttp
import (
"bufio"
"bytes"
"encoding/base64"
"fmt"
"io"
"io/ioutil"
Expand Down Expand Up @@ -55,6 +56,13 @@ func TestResponseHeaderMultiLineName(t *testing.T) {
}
}

func TestResponseHeaderMultiLinePaniced(t *testing.T) {
// Input generated by fuzz testing that caused the parser to panic.
s, _ := base64.StdEncoding.DecodeString("aAEAIDoKKDoKICA6CgkKCiA6CiA6CgkpCiA6CiA6CiA6Cig6CiAgOgoJCgogOgogOgoJKQogOgogOgogOgogOgogOgoJOg86CiA6CiA6Cig6CiAyCg==")
header := new(RequestHeader)
header.parse(s) //nolint:errcheck
}

func TestResponseHeaderEmptyValueFromHeader(t *testing.T) {
t.Parallel()

Expand Down

0 comments on commit 415e5fc

Please sign in to comment.