• Didier Spezia's avatar
    net/http/fcgi: fix panic with malformed params record · b7fa4f27
    Didier Spezia authored
    As stated in FastCGI specifications:
    
    FastCGI transmits a name-value pair as the length of the name,
    followed by the length of the value, followed by the name,
    followed by the value.
    
    The current implementation trusts the name and value length
    provided in the record, leading to a panic if the record
    is malformed.
    
    Added an explicit check on the lengths.
    
    Test case and fix suggested by diogin@gmail.com (Jingcheng Zhang)
    
    Fixes #11824
    
    Change-Id: I883a1982ea46465e1fb02e0e02b6a4df9e529ae4
    Reviewed-on: https://go-review.googlesource.com/15015Reviewed-by: 's avatarBrad Fitzpatrick <bradfitz@golang.org>
    Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    b7fa4f27
Name
Last commit
Last update
..
cgi Loading commit data...
cookiejar Loading commit data...
fcgi Loading commit data...
httptest Loading commit data...
httputil Loading commit data...
internal Loading commit data...
pprof Loading commit data...
testdata Loading commit data...
client.go Loading commit data...
client_test.go Loading commit data...
cookie.go Loading commit data...
cookie_test.go Loading commit data...
doc.go Loading commit data...
example_test.go Loading commit data...
export_test.go Loading commit data...
filetransport.go Loading commit data...
filetransport_test.go Loading commit data...
fs.go Loading commit data...
fs_test.go Loading commit data...
header.go Loading commit data...
header_test.go Loading commit data...
http_test.go Loading commit data...
jar.go Loading commit data...
lex.go Loading commit data...
lex_test.go Loading commit data...
main_test.go Loading commit data...
npn_test.go Loading commit data...
proxy_test.go Loading commit data...
race.go Loading commit data...
range_test.go Loading commit data...
readrequest_test.go Loading commit data...
request.go Loading commit data...
request_test.go Loading commit data...
requestwrite_test.go Loading commit data...
response.go Loading commit data...
response_test.go Loading commit data...
responsewrite_test.go Loading commit data...
serve_test.go Loading commit data...
server.go Loading commit data...
sniff.go Loading commit data...
sniff_test.go Loading commit data...
status.go Loading commit data...
transfer.go Loading commit data...
transfer_test.go Loading commit data...
transport.go Loading commit data...
transport_test.go Loading commit data...
triv.go Loading commit data...