net/http,x/crypto/ssh: Hijack hangs when underlying net.Conn doesn't support SetReadDeadline #67152
Labels
NeedsInvestigation
Go version
go version go1.22.2 linux/amd64
Output of go env in your module/workspace:
What did you do?
I was trying to have a web server forwarded through an SSH tunnel - I've made an example of this bug in fasmide/the-thing-about-websockets-and-ssh-tunnels
This all works out really well until web sockets are introduced.
This is because the http.response, which does Hijacking, tries to set its net.Conn's deadline to the past to have it unblock its current Read() - but x/crypto/ssh's implementation of net.Conn does not support this.
Furthermore, the http.response does not do any error checking when setting the deadline - so effectively the conn locks up without any indication to anyone about what's going on.
What did you see happen?
Using the example, one should find that using a local net.Listener — everything is fine; however, forwarding the listener through SSH tunnels, the browser (both Chrome and Firefox) hangs indefinitely trying to connect.
Example of a working local listener:
When opening the webpage, look in the debugger for messages:
Example of a broken forwarded listener:
Now, when opening the same webpage, the websocket is stuck in (pending):
What did you expect to see?
I did not expect there to be any differences :)
I don't know if this bug is in net/http or x/crypto/ssh - but given that HTTP hijacking usually returns an error if it is unable to hijack a connection, I would imagine some error checking is to be expected in net/http when SetReadDeadline returns an error.
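The mechanism described in this report, as an added example that is not code from the issue, net/http or x/crypto/ssh: a Read is parked on a connection, a read deadline in the past is set to unblock it, and the result shows whether the Read actually returned and what SetReadDeadline reported. `noDeadlineConn` and `readUnblocks` are hypothetical names, and `noDeadlineConn` is a constructed stand-in for a connection that rejects deadlines.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"time"
)

// noDeadlineConn is a constructed stand-in (assumption) for a net.Conn that
// rejects deadlines, as the issue reports for the SSH-forwarded connection.
type noDeadlineConn struct{ net.Conn }

func (noDeadlineConn) SetReadDeadline(time.Time) error {
	return errors.New("deadline not supported")
}

// readUnblocks parks a Read on c, then sets a read deadline in the past (the
// unblocking technique the issue describes) and reports whether the Read
// returned within wait, together with the SetReadDeadline error that a
// caller has to check to avoid waiting forever.
func readUnblocks(c net.Conn, wait time.Duration) (bool, error) {
	done := make(chan struct{})
	go func() {
		defer close(done)
		_, _ = c.Read(make([]byte, 1)) // blocks: the peer never writes
	}()
	time.Sleep(10 * time.Millisecond) // let the Read park first
	err := c.SetReadDeadline(time.Unix(1, 0))
	select {
	case <-done:
		return true, err
	case <-time.After(wait):
		c.Close() // release the stuck reader so the goroutine exits
		<-done
		return false, err
	}
}

func main() {
	a, b := net.Pipe()
	defer b.Close()
	ok, err := readUnblocks(a, 200*time.Millisecond)
	fmt.Println("net.Pipe conn: unblocked =", ok, "err =", err)
	c, d := net.Pipe()
	defer d.Close()
	ok, err = readUnblocks(noDeadlineConn{c}, 200*time.Millisecond)
	fmt.Println("no-deadline conn: unblocked =", ok, "err =", err)
}
```

Running the same probe against a connection accepted from a forwarded listener before handing it to an HTTP server shows up front whether a hijack on it can complete.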