net/http: After HTTP write StatusSwitchingProtocols, calling Hijack doesn't clean up req.Body data #61841
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
WaitingForInfo
Issue is not actionable because of missing required information, which needs to be provided.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
The issue with the latest code of master still exists
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
When Containerd processes exec requests, it will upgrade the HTTP protocol to SPDY through HTTP Upgrade.
In the
Hijack
function, ifwriteHeader==true
,w.cw.flush()
will be calledgo/src/net/http/server.go
Lines 2075 to 2077 in 24f83ed
and the
writeHeader
in theflush
function will eventually clear the content of req.Body:go/src/net/http/server.go
Lines 397 to 402 in 2c95fa4
go/src/net/http/server.go
Lines 1401 to 1422 in 2c95fa4
So if you want to clear req.Body,
writeHeader
must be true. writeHeader is set in the(w *response) WriteHeader
function. But if the code is 101, it will not be set. So in our scene,writeHeader
is always false.go/src/net/http/server.go
Lines 1143 to 1181 in 24f83ed
If there is data in the HTTP Body (such as Transfer-Encoding: chunked time, Body is 0\r\n\r\n), the raw conn obtained by Hijack will always have dirty data, resulting in the upgraded protocol (such as SPDY, WebSocket) have problems.
Can we modify
Hijack
like this?What did you expect to see?
What did you see instead?
The text was updated successfully, but these errors were encountered: