Closed
Description
What version of Go are you using (go version)?
go1.9, problem exists in the master branch
Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (go env)?
not related
What did you do?
use a faulty proxy server
What did you expect to see?
no panic, error is returned
What did you see instead?
a panic
The problem is in this line: https://github.com/golang/go/blob/master/src/net/http/transport.go#L1133
if resp.StatusCode != 200 {
f := strings.SplitN(resp.Status, " ", 2)
conn.Close()
return nil, errors.New(f[1])
}
The slice size of f is not checked. Therefore, if resp.Status has no spaces, the following panic is generated instead of the error:
panic: runtime error: index out of range
goroutine 101523 [running]:
net/http.(*Transport).dialConn(0xc4236d3860, 0xd6a780, 0xc42007e030, 0xc4231c1400, 0xa5ed93, 0x5, 0xc420b9dee0, 0xd, 0xc4238a8380, 0x0, ...)
/usr/lib64/go/src/net/http/transport.go:1128 +0x2090
net/http.(*Transport).getConn.func4(0xc4236d3860, 0xd6a780, 0xc42007e030, 0xc421372300, 0xc4209a40c0)
/usr/lib64/go/src/net/http/transport.go:943 +0x78
created by net/http.(*Transport).getConn
/usr/lib64/go/src/net/http/transport.go:942 +0x393