fix infinite loop when parsing specially-crafted headers (#521)

2025-10-05 15:16:51 +08:00 · 2024-02-21 23:36:35 +01:00
parent 4a8bcf3634
commit 55fa72f0c2
4 changed files with 18 additions and 29 deletions
--- a/pkg/headers/keyval.go
+++ b/pkg/headers/keyval.go
@@ -49,7 +49,6 @@ func keyValParse(str string, separator byte) (map[string]string, error) {
 		var k string
 		k, str = readKey(str, separator)

-		if len(k) > 0 {
 		if len(str) > 0 && str[0] == '=' {
 			var v string
 			var err error
@@ -62,7 +61,6 @@ func keyValParse(str string, separator byte) (map[string]string, error) {
 		} else {
 			ret[k] = ""
 		}
-		}

 		// skip separator
 		if len(str) > 0 && str[0] == separator {
--- a/pkg/headers/keyval_test.go
+++ b/pkg/headers/keyval_test.go
@@ -85,21 +85,8 @@ func TestKeyValParse(t *testing.T) {
 	}
 }

-func TestKeyValParseErrors(t *testing.T) {
-	for _, ca := range []struct {
-		name string
-		s    string
-		err  string
-	}{
-		{
-			"apexes not closed",
-			`key1="v,1`,
-			"apexes not closed (key1=\"v,1)",
-		},
-	} {
-		t.Run(ca.name, func(t *testing.T) {
-			_, err := keyValParse(ca.s, ',')
-			require.EqualError(t, err, ca.err)
+func FuzzKeyValParse(f *testing.F) {
+	f.Fuzz(func(t *testing.T, b string) {
+		keyValParse(b, ',') //nolint:errcheck
 	})
 }
-}
--- a/pkg/headers/testdata/fuzz/FuzzKeyValParse/15422aae47040b82
+++ b/pkg/headers/testdata/fuzz/FuzzKeyValParse/15422aae47040b82
@@ -0,0 +1,2 @@
+go test fuzz v1
+string("=\"")
--- a/pkg/headers/testdata/fuzz/FuzzKeyValParse/32a837cd12bd2cfa
+++ b/pkg/headers/testdata/fuzz/FuzzKeyValParse/32a837cd12bd2cfa
@@ -0,0 +1,2 @@
+go test fuzz v1
+string("=\x84")