Fix hex2intTable out of range bug

hex2intTable only contains 254 entries why it should be 255. Sending for example: Transfer-Encoding: chunked\r\n \r\n \ff causes an out of range panic. Because fasthttp never uses defer-recover and runs in its own goroutines the user of this package can do nothing to defend against this bug.
erikdubbelboer · Nov 26, 2017 · 4f82d07 · 4f82d07
1 parent 38fca66
commit 4f82d07
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 5 deletions.
diff --git a/bytesconv.go b/bytesconv.go
@@ -322,15 +322,15 @@ func hexCharUpper(c byte) byte {
 }
 
 var hex2intTable = func() []byte {
-	b := make([]byte, 255)
-	for i := byte(0); i < 255; i++ {
+	b := make([]byte, 256)
+	for i := 0; i < 256; i++ {
 		c := byte(16)
 		if i >= '0' && i <= '9' {
-			c = i - '0'
+			c = byte(i) - '0'
 		} else if i >= 'a' && i <= 'f' {
-			c = i - 'a' + 10
+			c = byte(i) - 'a' + 10
 		} else if i >= 'A' && i <= 'F' {
-			c = i - 'A' + 10
+			c = byte(i) - 'A' + 10
 		}
 		b[i] = c
 	}

diff --git a/server_test.go b/server_test.go
@@ -2489,6 +2489,31 @@ func TestServerConnError(t *testing.T) {
 	}
 }
 
+func TestServeConnHex2intTable(t *testing.T) {
+	s := &Server{
+		Handler: func(ctx *RequestCtx) {
+		},
+	}
+
+	rw := &readWriter{}
+	rw.r.WriteString("GET / HTTP/1.1\r\nHost: google.com\r\nTransfer-Encoding: chunked\r\n\r\n\xff")
+
+	ch := make(chan error)
+	go func() {
+		ch <- s.ServeConn(rw)
+	}()
+
+	var err error
+	select {
+	case err = <-ch:
+	case <-time.After(100 * time.Millisecond):
+		t.Fatalf("timeout")
+	}
+	if err.Error() != "empty hex number" {
+		t.Fatalf("expected: empty hex number")
+	}
+}
+
 func TestServeConnSingleRequest(t *testing.T) {
 	s := &Server{
 		Handler: func(ctx *RequestCtx) {