Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: panic: runtime error: index out of range (when using a faulty proxy server) #22179

Closed
derlaft opened this issue Oct 8, 2017 · 8 comments

Comments

@derlaft
Copy link

derlaft commented Oct 8, 2017

What version of Go are you using (go version)?

go1.9, problem exists in the master branch

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

not related

What did you do?

use a faulty proxy server

What did you expect to see?

no panic, error is returned

What did you see instead?

a panic

The problem is in this line: https://github.com/golang/go/blob/master/src/net/http/transport.go#L1133

	if resp.StatusCode != 200 {
		f := strings.SplitN(resp.Status, " ", 2)
		conn.Close()
		return nil, errors.New(f[1])
	}

The slice size of f is not checked. Therefore, if resp.Status has no spaces, the following panic is generated instead of the error:

   panic: runtime error: index out of range
   goroutine 101523 [running]:
   net/http.(*Transport).dialConn(0xc4236d3860, 0xd6a780, 0xc42007e030, 0xc4231c1400, 0xa5ed93, 0x5, 0xc420b9dee0, 0xd, 0xc4238a8380, 0x0, ...)
           /usr/lib64/go/src/net/http/transport.go:1128 +0x2090
   net/http.(*Transport).getConn.func4(0xc4236d3860, 0xd6a780, 0xc42007e030, 0xc421372300, 0xc4209a40c0)
           /usr/lib64/go/src/net/http/transport.go:943 +0x78
   created by net/http.(*Transport).getConn
           /usr/lib64/go/src/net/http/transport.go:942 +0x393
@odeke-em
Copy link
Member

odeke-em commented Oct 9, 2017

Thank you for the report @derlaft. This issue is a duplicate of #21701 and there is a CL and test ready for it, we just need to test out the code on Windows and then we'll be ready to merge and fix it. /cc @tombergan

@odeke-em odeke-em closed this as completed Oct 9, 2017
@derlaft
Copy link
Author

derlaft commented Oct 9, 2017

Thank you. Sorry for the dupe -- I checked the issues before posting, but not carefully enough.

@odeke-em
Copy link
Member

odeke-em commented Oct 9, 2017

That's alright @derlaft, it wasn't an obvious duplicate at all, I too had to double check and it is only by familiarity of that issue that I recalled it :)

@odeke-em
Copy link
Member

@derlaft please get the latest from master, this bug was fixed by CL https://go-review.googlesource.com/c/59990/ that was merged already. Thank you for your report.

@anhhh11
Copy link

anhhh11 commented Jan 22, 2018

How can I apply these patch to Go official package or must build Go from scratch?

@odeke-em
Copy link
Member

@anhhh11 you can take a look at https://golang.org/dl/#unstable or you can build from source as per https://golang.org/doc/install/source

@missdeer
Copy link

@odeke-em seemly i meet the same issue with go 1.9.3 on Windows, didn't it be fixed yet?

@odeke-em
Copy link
Member

@missdeer it is fixed on Go1.10 and beyond, please try out Go1.10rc1 as per the comments on #22179 (comment)

@golang golang locked and limited conversation to collaborators Jan 29, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

5 participants