server stops when a CGI script does not write any header or content #38

New Issue

Closed

opened 2023-03-20 11:28:09 +00:00 by alexlehm · 3 comments

alexlehm commented 2023-03-20 11:28:09 +00:00

Copy Link

I had a bug in a CGI php script where it would not write any content and just close and that makes the server stop with an array index error

panic: runtime error: index out of range [0] with length 0

goroutine 34 [running]:
main.handleCGI(0x7ad, 0xc0000b40c0, 0x11, 0xc0000a8090, 0x23, 0xc0000a80f0, 0x21, 0xc0000a81e0, 0x24, 0xc0000a8210, ...)
        /home/lehmann/molly-brown/dynamic.go:82 +0xfff
main.handleGeminiRequest(0x737b60, 0xc000192000, 0x7ad, 0xc0000b40c0, 0x11, 0xc0000a8090, 0x23, 0xc0000a80f0, 0x21, 0xc0000a81e0, ...)
        /home/lehmann/molly-brown/handler.go:126 +0x13f8
created by main.launch
        /home/lehmann/molly-brown/launch.go:166 +0x938

You can show this with a empty cgi script, e.g. like this

bug.cgi:

#! /bin/sh

# don't do anything

I fixed that by adding a check for empty header, you can probably do it easier, my Go knowledge is not very good yet

diff --git a/dynamic.go b/dynamic.go
index e0cebf0..bd33ee3 100644
--- a/dynamic.go
+++ b/dynamic.go
@@ -74,6 +74,11 @@ func handleCGI(config SysConfig, path string, cgiPath string, URL *url.URL, logE
        }
        // Extract response header
        header, _, err := bufio.NewReader(strings.NewReader(string(response))).ReadLine()
+
+// crash error
+       if(string(header)=="") {
+         header=[]byte("42 empty response\r\n")
+       }
        status, err2 := strconv.Atoi(strings.Fields(string(header))[0])
        if err != nil || err2 != nil {
                log.Println("Unable to parse first line of output from CGI process " + path + " as valid Gemini response header.  Line was: " + string(header))

I had a bug in a CGI php script where it would not write any content and just close and that makes the server stop with an array index error ``` panic: runtime error: index out of range [0] with length 0 goroutine 34 [running]: main.handleCGI(0x7ad, 0xc0000b40c0, 0x11, 0xc0000a8090, 0x23, 0xc0000a80f0, 0x21, 0xc0000a81e0, 0x24, 0xc0000a8210, ...) /home/lehmann/molly-brown/dynamic.go:82 +0xfff main.handleGeminiRequest(0x737b60, 0xc000192000, 0x7ad, 0xc0000b40c0, 0x11, 0xc0000a8090, 0x23, 0xc0000a80f0, 0x21, 0xc0000a81e0, ...) /home/lehmann/molly-brown/handler.go:126 +0x13f8 created by main.launch /home/lehmann/molly-brown/launch.go:166 +0x938 ``` You can show this with a empty cgi script, e.g. like this bug.cgi: ```bash #! /bin/sh # don't do anything ``` I fixed that by adding a check for empty header, you can probably do it easier, my Go knowledge is not very good yet ```diff diff --git a/dynamic.go b/dynamic.go index e0cebf0..bd33ee3 100644 --- a/dynamic.go +++ b/dynamic.go @@ -74,6 +74,11 @@ func handleCGI(config SysConfig, path string, cgiPath string, URL *url.URL, logE } // Extract response header header, _, err := bufio.NewReader(strings.NewReader(string(response))).ReadLine() + +// crash error + if(string(header)=="") { + header=[]byte("42 empty response\r\n") + } status, err2 := strconv.Atoi(strings.Fields(string(header))[0]) if err != nil || err2 != nil { log.Println("Unable to parse first line of output from CGI process " + path + " as valid Gemini response header. Line was: " + string(header)) ```

alexlehm changed title from server stops when a CGI script does not write any content to server stops when a CGI script does not write any header or content 2023-03-20 11:35:59 +00:00

solderpunk commented 2023-03-20 21:28:39 +00:00

Owner

Copy Link

Ah, thanks for catching this, I'll try to put together a fix soon. Sorry, the CGI support is still in a pretty poor state, as you're noticing, but it's improving...

Ah, thanks for catching this, I'll try to put together a fix soon. Sorry, the CGI support is still in a pretty poor state, as you're noticing, but it's improving...

alexlehm commented 2023-03-21 11:06:38 +00:00

Author

Copy Link

Actually that is quite interesting, it gives me a chance to look at how Go works which I have not done at all before

Using a feature that is not often used sometimes has this effect, this is the first time I used CGI for anything except printenv at all and it is the first time I use it in PHP

Actually that is quite interesting, it gives me a chance to look at how Go works which I have not done at all before Using a feature that is not often used sometimes has this effect, this is the first time I used CGI for anything except printenv at all and it is the first time I use it in PHP

solderpunk commented 2023-03-22 20:04:58 +00:00

Owner

Copy Link

This is fixed now, thanks again for the report!

This is fixed now, thanks again for the report!

👍 1

solderpunk referenced this issue from a commit 2023-03-22 20:36:43 +00:00

Fix crash when CGI processes end without writing anything at all to stdout. Closes #38.

solderpunk closed this issue 2023-03-22 20:36:43 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

ratelimiting

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: solderpunk/molly-brown#38

No description provided.