Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: panic: runtime error: index out of range (when using a faulty proxy server) #22179

derlaft opened this issue Oct 8, 2017 · 8 comments


Copy link

@derlaft derlaft commented Oct 8, 2017

What version of Go are you using (go version)?

go1.9, problem exists in the master branch

Does this issue reproduce with the latest release?


What operating system and processor architecture are you using (go env)?

not related

What did you do?

use a faulty proxy server

What did you expect to see?

no panic, error is returned

What did you see instead?

a panic

The problem is in this line:

	if resp.StatusCode != 200 {
		f := strings.SplitN(resp.Status, " ", 2)
		return nil, errors.New(f[1])

The slice size of f is not checked. Therefore, if resp.Status has no spaces, the following panic is generated instead of the error:

   panic: runtime error: index out of range
   goroutine 101523 [running]:
   net/http.(*Transport).dialConn(0xc4236d3860, 0xd6a780, 0xc42007e030, 0xc4231c1400, 0xa5ed93, 0x5, 0xc420b9dee0, 0xd, 0xc4238a8380, 0x0, ...)
           /usr/lib64/go/src/net/http/transport.go:1128 +0x2090
   net/http.(*Transport).getConn.func4(0xc4236d3860, 0xd6a780, 0xc42007e030, 0xc421372300, 0xc4209a40c0)
           /usr/lib64/go/src/net/http/transport.go:943 +0x78
   created by net/http.(*Transport).getConn
           /usr/lib64/go/src/net/http/transport.go:942 +0x393
Copy link

@odeke-em odeke-em commented Oct 9, 2017

Thank you for the report @derlaft. This issue is a duplicate of #21701 and there is a CL and test ready for it, we just need to test out the code on Windows and then we'll be ready to merge and fix it. /cc @tombergan

@odeke-em odeke-em closed this Oct 9, 2017
Copy link

@derlaft derlaft commented Oct 9, 2017

Thank you. Sorry for the dupe -- I checked the issues before posting, but not carefully enough.

Copy link

@odeke-em odeke-em commented Oct 9, 2017

That's alright @derlaft, it wasn't an obvious duplicate at all, I too had to double check and it is only by familiarity of that issue that I recalled it :)

Copy link

@odeke-em odeke-em commented Oct 22, 2017

@derlaft please get the latest from master, this bug was fixed by CL that was merged already. Thank you for your report.

Copy link

@anhhh11 anhhh11 commented Jan 22, 2018

How can I apply these patch to Go official package or must build Go from scratch?

Copy link

@odeke-em odeke-em commented Jan 22, 2018

@anhhh11 you can take a look at or you can build from source as per

Copy link

@missdeer missdeer commented Jan 28, 2018

@odeke-em seemly i meet the same issue with go 1.9.3 on Windows, didn't it be fixed yet?

Copy link

@odeke-em odeke-em commented Jan 29, 2018

@missdeer it is fixed on Go1.10 and beyond, please try out Go1.10rc1 as per the comments on #22179 (comment)

@golang golang locked and limited conversation to collaborators Jan 29, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.