This repository has been archived by the owner on Mar 24, 2022. It is now read-only.

ErrRequestHeaderTooLarge
lemon-mint committed Feb 26, 2022
1 parent cbb8c3c commit 372f3c8
Showing 2 changed files with 14 additions and 5 deletions.
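--- a/reader.go
+++ b/reader.go
@@ -62,6 +62,10 @@ parse:
 return 0, err
 }
 
+if len(r.NextBuffer) == cap(r.ReadBuffer) {
+return 0, ErrRequestHeaderTooLarge
+}
+
 // Retry parsing
 retryCount++
 if retryCount > 1 {
@@ -82,6 +86,10 @@ parse:
 return 0, err
 }
 
+if len(r.NextBuffer) == cap(r.ReadBuffer) {
+return 0, ErrRequestHeaderTooLarge
+}
+
 // Retry parsing
 retryCount++
 if retryCount > 1 {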
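Review bot: The new guard at both retry sites compares `len(r.NextBuffer)` with `cap(r.ReadBuffer)` using `==`, and nothing in the hunks explains why the length of one buffer and the capacity of the other are comparable. If the fill step only reads up to `len(r.ReadBuffer)`, or NextBuffer can be backed by a different array, the equality may never be reached, and an oversized header would fall through to the retry counter instead of being rejected. Writing it as `if len(r.NextBuffer) >= cap(r.ReadBuffer) {` with a comment such as `// unparsed data already fills the whole read buffer: the header cannot fit` would make the bound explicit. The same four lines are repeated in the second hunk, so a small helper would keep the two copies from drifting. The enclosing function starts and ends outside both hunks, so how the buffer is filled is an assumption here.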
11 changes: 6 additions & 5 deletions request.go
Expand Up @@ -60,6 +60,7 @@ var ErrInvalidURI = errors.New("invalid uri")
var ErrInvalidVersion = errors.New("invalid version")

var ErrBufferTooSmall = errors.New("buffer too small")
var ErrRequestHeaderTooLarge = errors.New("request header too large")

func splitLine(src []byte) (line, rest []byte, err error) {
idx := bytes.IndexByte(src, '\n')
Expand Down Expand Up @@ -140,15 +141,15 @@ func ParseRequestLine(dst *Request, src []byte) (next []byte, err error) {
var line []byte
line, next, err = splitLine(next)
if err != nil {
return nil, err
return next, err
}
MethodIndex := bytes.IndexByte(line, ' ')
if MethodIndex < 0 || MethodIndex < 3 {
return nil, ErrInvalidMethod
return next, ErrInvalidMethod
}
URIIndex := bytes.IndexByte(line[MethodIndex+1:], ' ')
if URIIndex < 0 {
return nil, ErrInvalidURI
return next, ErrInvalidURI
}
dst.RawURI = line[MethodIndex+1 : MethodIndex+1+URIIndex]
dst.Version = line[MethodIndex+1+URIIndex+1:]
Expand All @@ -167,7 +168,7 @@ func ParseHeaders(dst *Request, src []byte) (next []byte, err error) {
for {
line, next, err = splitLine(next)
if err != nil {
return nil, err
return next, err
}
if len(line) == 0 {
break
Expand All @@ -179,7 +180,7 @@ func ParseHeaders(dst *Request, src []byte) (next []byte, err error) {
if stricmp(h.Name, ContentLengthHeader) {
dst.ContentLength, err = ParseContentLength(h.RawValue)
if err != nil {
return nil, err
return next, err
}
}
}
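Review bot: After this change every error return in ParseRequestLine and ParseHeaders hands back `next` together with a non-nil error, but what `next` points at differs by path and is not documented. On a splitLine failure it is whatever splitLine returned as its second result (its error branch is outside the visible lines), while on ErrInvalidMethod, ErrInvalidURI and a ParseContentLength failure it already points past the rejected line. A caller that resumed parsing from `next` after a malformed line would treat the remaining bytes as a fresh request, so the doc comments should state the contract, for example `// On error, next is returned only so the caller can measure buffered input; it must not be parsed further.` Both function bodies continue outside the hunks.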

2 comments on commit 372f3c8

@github-actions

Golang CI Tools Report

Report generated at: 2022-02-26T05:54:54Z

Go version: go1.17.7

golang-ci-tools version: 0.1.2-dev

staticcheck

🎉  No staticcheck errors found!

gosec

** Issue Detected **

[gosec] 2022/02/26 05:54:58 Including rules: default
[gosec] 2022/02/26 05:54:58 Excluding rules: default
[gosec] 2022/02/26 05:54:58 Import directory: /home/runner/work/h1/h1
[gosec] 2022/02/26 05:54:58 Import directory: /home/runner/work/h1/h1/fuzz
[gosec] 2022/02/26 05:54:59 Import directory: /home/runner/work/h1/h1/tests
[gosec] 2022/02/26 05:54:59 Checking package: fuzz
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/fuzz/fuzz.go
[gosec] 2022/02/26 05:54:59 Import directory: /home/runner/work/h1/h1/tests/urlescape
[gosec] 2022/02/26 05:54:59 Checking package: h1
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/any.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/fastdate.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/headers.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/methods.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/reader.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/request.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/response.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/status.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/strbytes.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/stricmp.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/uri.go
[gosec] 2022/02/26 05:54:59 Import directory: /home/runner/work/h1/h1/testserver
[gosec] 2022/02/26 05:54:59 Checking package: main
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/tests/run.go
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/tests/upload.go
[gosec] 2022/02/26 05:54:59 Checking package: main
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/tests/urlescape/escape.go
[gosec] 2022/02/26 05:54:59 Checking package: main
[gosec] 2022/02/26 05:54:59 Checking file: /home/runner/work/h1/h1/testserver/main.go
Results:


[/home/runner/work/h1/h1/tests/run.go:50] - G204 (CWE-78): Subprocess launched with a potential tainted input or cmd arguments (Confidence: HIGH, Severity: MEDIUM)
    49: 		var MemImageBuffer bytes.Buffer
  > 50: 		cmd = exec.Command("go", "tool", "pprof", "-png", "./testOutput/"+benchmark+"_memprofile.out")
    51: 		cmd.Stdout = &MemImageBuffer



[/home/runner/work/h1/h1/tests/run.go:41] - G204 (CWE-78): Subprocess launched with a potential tainted input or cmd arguments (Confidence: HIGH, Severity: MEDIUM)
    40: 		var CPUImageBuffer bytes.Buffer
  > 41: 		cmd = exec.Command("go", "tool", "pprof", "-png", "./testOutput/"+benchmark+"_profile.out")
    42: 		cmd.Stdout = &CPUImageBuffer



[/home/runner/work/h1/h1/tests/run.go:32] - G204 (CWE-78): Subprocess launched with a potential tainted input or cmd arguments (Confidence: HIGH, Severity: MEDIUM)
    31: 		var buffer bytes.Buffer
  > 32: 		cmd := exec.Command("go", "test", "-bench="+benchmark, "-benchmem", "-cpuprofile", "testOutput/"+benchmark+"_profile.out", "-memprofile", "testOutput/"+benchmark+"_memprofile.out")
    33: 		cmd.Stdout = &buffer



[/home/runner/work/h1/h1/tests/urlescape/escape.go:12] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
    11: 	filename := os.Args[1]
  > 12: 	file, err := os.Open(filename)
    13: 	if err != nil {



[/home/runner/work/h1/h1/tests/run.go:23] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
    22: func main() {
  > 23: 	err := os.Mkdir("testOutput", 0777)
    24: 	if err != nil {



[/home/runner/work/h1/h1/tests/urlescape/escape.go:16] - G307 (CWE-703): Deferring unsafe method "Close" on type "*os.File" (Confidence: HIGH, Severity: MEDIUM)
    15: 	}
  > 16: 	defer file.Close()
    17: 	data, err := io.ReadAll(file)



[/home/runner/work/h1/h1/testserver/main.go:57] - G102 (CWE-200): Binds to all network interfaces (Confidence: HIGH, Severity: MEDIUM)
    56: func main() {
  > 57: 	ln, err := net.Listen("tcp", ":50901")
    58: 	if err != nil {



[/home/runner/work/h1/h1/fastdate.go:51] - G103 (CWE-242): Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
    50: 
  > 51: 	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(&fds.current)), unsafe.Pointer(new))
    52: }



[/home/runner/work/h1/h1/fastdate.go:51] - G103 (CWE-242): Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
    50: 
  > 51: 	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(&fds.current)), unsafe.Pointer(new))
    52: }



[/home/runner/work/h1/h1/testserver/main.go:44] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    43: 		resp.WriteHeader(200)
  > 44: 		resp.WriteString("Hello, World!")
    45: 



[/home/runner/work/h1/h1/testserver/main.go:43] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    42: 		//resp.Connection = h1.ConnectionKeepAlive
  > 43: 		resp.WriteHeader(200)
    44: 		resp.WriteString("Hello, World!")



[/home/runner/work/h1/h1/fuzz/fuzz.go:11] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    10: 	var r h1.Request
  > 11: 	h1.ParseRequest(&r, bytes.NewReader(data))
    12: 	return 0



Summary:
  Gosec  : dev
  Files  : 16
  Lines  : 1404
  Nosec  : 2
  Issues : 12


gocap

github.com/go-www/h1 (network, reflect, unsafe)


go-licenses

Package Name License File License
github.com/go-www/h1 https://github.com/go-www/h1/blob/master/LICENSE MIT

Dependencies

Total dependencies: 0

Show Full Dependencies

@github-actions

Benchmark Results (OS:linux)

Benchmark BenchmarkParseRequest

goos: linux
goarch: amd64
pkg: github.com/go-www/h1
cpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
BenchmarkParseRequest-2   	 6362503	       188.4 ns/op	       0 B/op	       0 allocs/op
PASS
ok  	github.com/go-www/h1	1.565s

CPU Profile

CPU Profile

Memory Profile

Memory Profile

Benchmark Benchmark_stricmp

goos: linux
goarch: amd64
pkg: github.com/go-www/h1
cpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
Benchmark_stricmp-2   	18229322	        63.90 ns/op	       0 B/op	       0 allocs/op
PASS
ok  	github.com/go-www/h1	1.374s

CPU Profile

CPU Profile

Memory Profile

Memory Profile

Benchmark Benchmark_ContentLength_stricmp

goos: linux
goarch: amd64
pkg: github.com/go-www/h1
cpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
Benchmark_ContentLength_stricmp-2   	48305864	        24.25 ns/op	       0 B/op	       0 allocs/op
PASS
ok  	github.com/go-www/h1	1.382s

CPU Profile

CPU Profile

Memory Profile

Memory Profile

Benchmark Benchmark_Net_URL_Parse

goos: linux
goarch: amd64
pkg: github.com/go-www/h1
cpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
Benchmark_Net_URL_Parse-2   	 6224820	       187.7 ns/op	     144 B/op	       1 allocs/op
PASS
ok  	github.com/go-www/h1	1.530s

CPU Profile

CPU Profile

Memory Profile

Memory Profile

Benchmark Benchmark_H1_URI_Parse

goos: linux
goarch: amd64
pkg: github.com/go-www/h1
cpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
Benchmark_H1_URI_Parse-2   	184415270	         6.399 ns/op	       0 B/op	       0 allocs/op
PASS
ok  	github.com/go-www/h1	1.954s

CPU Profile

CPU Profile

Memory Profile

Memory Profile

Benchmark Benchmark_H1_URI_Query

goos: linux
goarch: amd64
pkg: github.com/go-www/h1
cpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
Benchmark_H1_URI_Query-2   	15168451	        78.34 ns/op	       0 B/op	       0 allocs/op
PASS
ok  	github.com/go-www/h1	1.430s

CPU Profile

CPU Profile

Memory Profile

Memory Profile

Benchmark Benchmark_Request_Reader

goos: linux
goarch: amd64
pkg: github.com/go-www/h1
cpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
Benchmark_Request_Reader-2   	 5477954	       218.7 ns/op	       0 B/op	       0 allocs/op
PASS
ok  	github.com/go-www/h1	1.544s

CPU Profile

CPU Profile

Memory Profile

Memory Profile
