You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Package "net/http/fcgi" of Go 1.5beta2 suffers from a panic of "slice out of range".
You can reproduce the panic by the following FastCGI server and FastCGI client programs:
FastCGI records use name-value binary format to represent a key-value pair. The method (*request).parseParams() in net/http/fcgi/child.go doesn't check whether there is exactly bytes in buffer for key length plus value length (which are provided by client) and blindly use them to index the buffer slice, so the "out of range" panic occurs. The codes follow:
Package "net/http/fcgi" of Go 1.5beta2 suffers from a panic of "slice out of range".
You can reproduce the panic by the following FastCGI server and FastCGI client programs:
s.go
c.go
The result
Analysis
FastCGI records use name-value binary format to represent a key-value pair. The method (*request).parseParams() in net/http/fcgi/child.go doesn't check whether there is exactly bytes in buffer for key length plus value length (which are provided by client) and blindly use them to index the buffer slice, so the "out of range" panic occurs. The codes follow:
Solution
Ensure the keyLen + ValueLen small then the size of the buffer left.
The text was updated successfully, but these errors were encountered: