Commit 49234ee2 authored by Brad Fitzpatrick's avatar Brad Fitzpatrick

net/http: panic on bogus use of CloseNotifier or Hijacker

Fixes #14001

Change-Id: I6f9bc3028345081758d8f537c3aaddb2e254e69e
Reviewed-on: https://go-review.googlesource.com/18708Reviewed-by: default avatarIan Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
parent 5c94f1ae
...@@ -347,7 +347,7 @@ type response struct { ...@@ -347,7 +347,7 @@ type response struct {
// written. // written.
trailers []string trailers []string
handlerDone bool // set true when the handler exits handlerDone atomicBool // set true when the handler exits
// Buffers for Date and Content-Length // Buffers for Date and Content-Length
dateBuf [len(TimeFormat)]byte dateBuf [len(TimeFormat)]byte
...@@ -358,6 +358,11 @@ type response struct { ...@@ -358,6 +358,11 @@ type response struct {
closeNotifyCh <-chan bool closeNotifyCh <-chan bool
} }
type atomicBool int32
func (b *atomicBool) isSet() bool { return atomic.LoadInt32((*int32)(b)) != 0 }
func (b *atomicBool) setTrue() { atomic.StoreInt32((*int32)(b), 1) }
// declareTrailer is called for each Trailer header when the // declareTrailer is called for each Trailer header when the
// response header is written. It notes that a header will need to be // response header is written. It notes that a header will need to be
// written in the trailers at the end of the response. // written in the trailers at the end of the response.
...@@ -911,7 +916,7 @@ func (cw *chunkWriter) writeHeader(p []byte) { ...@@ -911,7 +916,7 @@ func (cw *chunkWriter) writeHeader(p []byte) {
// send a Content-Length header. // send a Content-Length header.
// Further, we don't send an automatic Content-Length if they // Further, we don't send an automatic Content-Length if they
// set a Transfer-Encoding, because they're generally incompatible. // set a Transfer-Encoding, because they're generally incompatible.
if w.handlerDone && !trailers && !hasTE && bodyAllowedForStatus(w.status) && header.get("Content-Length") == "" && (!isHEAD || len(p) > 0) { if w.handlerDone.isSet() && !trailers && !hasTE && bodyAllowedForStatus(w.status) && header.get("Content-Length") == "" && (!isHEAD || len(p) > 0) {
w.contentLength = int64(len(p)) w.contentLength = int64(len(p))
setHeader.contentLength = strconv.AppendInt(cw.res.clenBuf[:0], int64(len(p)), 10) setHeader.contentLength = strconv.AppendInt(cw.res.clenBuf[:0], int64(len(p)), 10)
} }
...@@ -1234,7 +1239,7 @@ func (w *response) write(lenData int, dataB []byte, dataS string) (n int, err er ...@@ -1234,7 +1239,7 @@ func (w *response) write(lenData int, dataB []byte, dataS string) (n int, err er
} }
func (w *response) finishRequest() { func (w *response) finishRequest() {
w.handlerDone = true w.handlerDone.setTrue()
if !w.wroteHeader { if !w.wroteHeader {
w.WriteHeader(StatusOK) w.WriteHeader(StatusOK)
...@@ -1498,6 +1503,9 @@ func (w *response) sendExpectationFailed() { ...@@ -1498,6 +1503,9 @@ func (w *response) sendExpectationFailed() {
// Hijack implements the Hijacker.Hijack method. Our response is both a ResponseWriter // Hijack implements the Hijacker.Hijack method. Our response is both a ResponseWriter
// and a Hijacker. // and a Hijacker.
func (w *response) Hijack() (rwc net.Conn, buf *bufio.ReadWriter, err error) { func (w *response) Hijack() (rwc net.Conn, buf *bufio.ReadWriter, err error) {
if w.handlerDone.isSet() {
panic("net/http: Hijack called after ServeHTTP finished")
}
if w.wroteHeader { if w.wroteHeader {
w.cw.flush() w.cw.flush()
} }
...@@ -1521,6 +1529,9 @@ func (w *response) Hijack() (rwc net.Conn, buf *bufio.ReadWriter, err error) { ...@@ -1521,6 +1529,9 @@ func (w *response) Hijack() (rwc net.Conn, buf *bufio.ReadWriter, err error) {
} }
func (w *response) CloseNotify() <-chan bool { func (w *response) CloseNotify() <-chan bool {
if w.handlerDone.isSet() {
panic("net/http: CloseNotify called after ServeHTTP finished")
}
c := w.conn c := w.conn
c.mu.Lock() c.mu.Lock()
defer c.mu.Unlock() defer c.mu.Unlock()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment