net/http: respond with 400 Bad Request for empty hex number of chunk length

Fixes #64517

Change-Id: I78b8a6a83301deee05c3ff052a6adcd1f965aef2
Reviewed-on: https://go-review.googlesource.com/c/go/+/553835
Auto-Submit: Damien Neil <dneil@google.com>
Commit-Queue: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>

diff --git a/src/net/http/internal/chunked.go b/src/net/http/internal/chunked.go
index aad8e5aa09ebccf54a63150b13ebfd4c5729784a..c0fa4ccac719c694cd1b435f7cc18cfb9541db21 100644 (file)
--- a/src/net/http/internal/chunked.go
+++ b/src/net/http/internal/chunked.go
@@ -263,6 +263,9 @@ type FlushAfterChunkWriter struct {
 }
 
 func parseHexUint(v []byte) (n uint64, err error) {
+       if len(v) == 0 {
+               return 0, errors.New("empty hex number for chunk length")
+       }
        for i, b := range v {
                switch {
                case '0' <= b && b <= '9':

diff --git a/src/net/http/internal/chunked_test.go b/src/net/http/internal/chunked_test.go
index b99090c1f8ad7321bca8824d8512d507ab15acc6..af79711781a7edaf2479e2cc11d2e2233ee0cca9 100644 (file)
--- a/src/net/http/internal/chunked_test.go
+++ b/src/net/http/internal/chunked_test.go
@@ -153,6 +153,7 @@ func TestParseHexUint(t *testing.T) {
                {"00000000000000000", 0, "http chunk length too large"}, // could accept if we wanted
                {"10000000000000000", 0, "http chunk length too large"},
                {"00000000000000001", 0, "http chunk length too large"}, // could accept if we wanted
+               {"", 0, "empty hex number for chunk length"},
        }
        for i := uint64(0); i <= 1234; i++ {
                tests = append(tests, testCase{in: fmt.Sprintf("%x", i), want: i})