From 55fa72f0c2734060a522ee551e2f3392e9832547 Mon Sep 17 00:00:00 2001
From: Alessandro Ros
Date: Wed, 21 Feb 2024 23:36:35 +0100
Subject: [PATCH] fix infinite loop when parsing specially-crafted headers (#521)
---
 pkg/headers/keyval.go | 22 +++++++++----------
 pkg/headers/keyval_test.go | 21 ++++--------------
 .../fuzz/FuzzKeyValParse/15422aae47040b82 | 2 ++
 .../fuzz/FuzzKeyValParse/32a837cd12bd2cfa | 2 ++
 4 files changed, 18 insertions(+), 29 deletions(-)
 create mode 100644 pkg/headers/testdata/fuzz/FuzzKeyValParse/15422aae47040b82
 create mode 100644 pkg/headers/testdata/fuzz/FuzzKeyValParse/32a837cd12bd2cfa
diff --git a/pkg/headers/keyval.go b/pkg/headers/keyval.go
index 11515971..bd72e27a 100644
--- a/pkg/headers/keyval.go
+++ b/pkg/headers/keyval.go
@@ -49,19 +49,17 @@ func keyValParse(str string, separator byte) (map[string]string, error) {
 var k string
 k, str = readKey(str, separator)
- if len(k) > 0 {
- if len(str) > 0 && str[0] == '=' {
- var v string
- var err error
- v, str, err = readValue(origstr, str[1:], separator)
- if err != nil {
- return nil, err
- }
-
- ret[k] = v
- } else {
- ret[k] = ""
+ if len(str) > 0 && str[0] == '=' {
+ var v string
+ var err error
+ v, str, err = readValue(origstr, str[1:], separator)
+ if err != nil {
+ return nil, err
 }
+
+ ret[k] = v
+ } else {
+ ret[k] = ""
 }
 // skip separator
diff --git a/pkg/headers/keyval_test.go b/pkg/headers/keyval_test.go
index 1408ce93..75283d71 100644
--- a/pkg/headers/keyval_test.go
+++ b/pkg/headers/keyval_test.go
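Review bot: In keyValParse (pkg/headers/keyval.go), removing the `len(k) > 0` guard means an empty key is now stored in the result: `ret[k] = v` and `ret[k] = ""` both run with `k == ""`, so an input like the new corpus entry `=\x84` presumably yields a `""` entry that callers ranging over the map will see. Consuming `=value` unconditionally is what restores forward progress, so keep that, but assign only for a real key, e.g. `if k != "" { ret[k] = v }` (and the same in the `else` branch), or return an error for an empty key. Since the commit title says these headers can be specially crafted, a why-comment is worth adding above the branch: `// always consume "=value", even after an empty key; otherwise str never shrinks and the loop spins`. The loop header, readKey and the separator skipping lie outside the hunk, so termination for other inputs cannot be confirmed from here.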
@@ -85,21 +85,8 @@ func TestKeyValParse(t *testing.T) {
 }
 }
-func TestKeyValParseErrors(t *testing.T) {
- for _, ca := range []struct {
- name string
- s string
- err string
- }{
- {
- "apexes not closed",
- `key1="v,1`,
- "apexes not closed (key1=\"v,1)",
- },
- } {
- t.Run(ca.name, func(t *testing.T) {
- _, err := keyValParse(ca.s, ',')
- require.EqualError(t, err, ca.err)
- })
- }
+func FuzzKeyValParse(f *testing.F) {
+ f.Fuzz(func(t *testing.T, b string) {
+ keyValParse(b, ',') //nolint:errcheck
+ })
 }
diff --git a/pkg/headers/testdata/fuzz/FuzzKeyValParse/15422aae47040b82 b/pkg/headers/testdata/fuzz/FuzzKeyValParse/15422aae47040b82
new file mode 100644
index 00000000..2454251f
--- /dev/null
+++ b/pkg/headers/testdata/fuzz/FuzzKeyValParse/15422aae47040b82
@@ -0,0 +1,2 @@
+go test fuzz v1
+string("=\"")
diff --git a/pkg/headers/testdata/fuzz/FuzzKeyValParse/32a837cd12bd2cfa b/pkg/headers/testdata/fuzz/FuzzKeyValParse/32a837cd12bd2cfa
new file mode 100644
index 00000000..d32193ac
--- /dev/null
+++ b/pkg/headers/testdata/fuzz/FuzzKeyValParse/32a837cd12bd2cfa
@@ -0,0 +1,2 @@
+go test fuzz v1
+string("=\x84")
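Review bot: Deleting TestKeyValParseErrors in pkg/headers/keyval_test.go removes the only assertion visible here on the unclosed-quote error (`apexes not closed (key1="v,1)`), and FuzzKeyValParse discards both return values, so it can detect only a panic or a hang. Keep the table test next to the fuzz target, or at least preserve its input as a seed with `f.Add("key1=\"v,1")` before `f.Fuzz`. With the two corpus files, a regression of the infinite loop would presumably surface only as a test timeout, so a doc comment such as `// FuzzKeyValParse checks that keyValParse neither panics nor hangs on arbitrary input.` would make that intent explicit.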