Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: panic: runtime error: index out of range (when using a faulty proxy server) #22179

Closed
derlaft opened this issue Oct 8, 2017 · 8 comments

Comments

Projects
None yet
5 participants
@derlaft
Copy link

commented Oct 8, 2017

What version of Go are you using (go version)?

go1.9, problem exists in the master branch

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

not related

What did you do?

use a faulty proxy server

What did you expect to see?

no panic, error is returned

What did you see instead?

a panic

The problem is in this line: https://github.com/golang/go/blob/master/src/net/http/transport.go#L1133

	if resp.StatusCode != 200 {
		f := strings.SplitN(resp.Status, " ", 2)
		conn.Close()
		return nil, errors.New(f[1])
	}

The slice size of f is not checked. Therefore, if resp.Status has no spaces, the following panic is generated instead of the error:

   panic: runtime error: index out of range
   goroutine 101523 [running]:
   net/http.(*Transport).dialConn(0xc4236d3860, 0xd6a780, 0xc42007e030, 0xc4231c1400, 0xa5ed93, 0x5, 0xc420b9dee0, 0xd, 0xc4238a8380, 0x0, ...)
           /usr/lib64/go/src/net/http/transport.go:1128 +0x2090
   net/http.(*Transport).getConn.func4(0xc4236d3860, 0xd6a780, 0xc42007e030, 0xc421372300, 0xc4209a40c0)
           /usr/lib64/go/src/net/http/transport.go:943 +0x78
   created by net/http.(*Transport).getConn
           /usr/lib64/go/src/net/http/transport.go:942 +0x393
@odeke-em

This comment has been minimized.

Copy link
Member

commented Oct 9, 2017

Thank you for the report @derlaft. This issue is a duplicate of #21701 and there is a CL and test ready for it, we just need to test out the code on Windows and then we'll be ready to merge and fix it. /cc @tombergan

@odeke-em odeke-em closed this Oct 9, 2017

@derlaft

This comment has been minimized.

Copy link
Author

commented Oct 9, 2017

Thank you. Sorry for the dupe -- I checked the issues before posting, but not carefully enough.

@odeke-em

This comment has been minimized.

Copy link
Member

commented Oct 9, 2017

That's alright @derlaft, it wasn't an obvious duplicate at all, I too had to double check and it is only by familiarity of that issue that I recalled it :)

@odeke-em

This comment has been minimized.

Copy link
Member

commented Oct 22, 2017

@derlaft please get the latest from master, this bug was fixed by CL https://go-review.googlesource.com/c/59990/ that was merged already. Thank you for your report.

@anhhh11

This comment has been minimized.

Copy link

commented Jan 22, 2018

How can I apply these patch to Go official package or must build Go from scratch?

@odeke-em

This comment has been minimized.

Copy link
Member

commented Jan 22, 2018

@anhhh11 you can take a look at https://golang.org/dl/#unstable or you can build from source as per https://golang.org/doc/install/source

@missdeer

This comment has been minimized.

Copy link

commented Jan 28, 2018

@odeke-em seemly i meet the same issue with go 1.9.3 on Windows, didn't it be fixed yet?

@odeke-em

This comment has been minimized.

Copy link
Member

commented Jan 29, 2018

@missdeer it is fixed on Go1.10 and beyond, please try out Go1.10rc1 as per the comments on #22179 (comment)

@golang golang locked and limited conversation to collaborators Jan 29, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.