From: Hugo Wetterberg <hugo@wetterberg.nu>
A request to a hostname that hasn't been registered with the server
currently results in a nil pointer deref panic in server.go:215 as
request handling continues even if ReadRequest() returns an error.
This change changes all if-else error handling in Server.respond() to
a WriteStatus-call and early return. This makes it clear when request
handling is aborted (and actually aborts when ReadRequest() fails).
---
server.go | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/server.go b/server.go
index 5643dcd..1f9078a 100644
--- a/server.go+++ b/server.go
@@ -188,27 +188,29 @@ func (s *Server) respond(conn net.Conn) {
req, err := ReadRequest(conn)
if err != nil {
w.WriteStatus(StatusBadRequest)
- } else {- // Store information about the TLS connection- if tlsConn, ok := conn.(*tls.Conn); ok {- req.TLS = tlsConn.ConnectionState()- if len(req.TLS.PeerCertificates) > 0 {- peerCert := req.TLS.PeerCertificates[0]- // Store the TLS certificate- req.Certificate = &tls.Certificate{- Certificate: [][]byte{peerCert.Raw},- Leaf: peerCert,- }+ return+ }++ // Store information about the TLS connection+ if tlsConn, ok := conn.(*tls.Conn); ok {+ req.TLS = tlsConn.ConnectionState()+ if len(req.TLS.PeerCertificates) > 0 {+ peerCert := req.TLS.PeerCertificates[0]+ // Store the TLS certificate+ req.Certificate = &tls.Certificate{+ Certificate: [][]byte{peerCert.Raw},+ Leaf: peerCert, }
}
}
resp := s.responder(req)
- if resp != nil {- resp.Respond(w, req)- } else {+ if resp == nil { w.WriteStatus(StatusNotFound)
+ return }
++ resp.Respond(w, req)}
func (s *Server) responder(r *Request) Responder {
--
2.26.2