Skip to content

Invalid HEAD request causes 500 Internal Error with panic #17880

New issue
New issue
Closed
#17888
Closed
Invalid HEAD request causes 500 Internal Error with panic#17880
#17888
Labels
issue/confirmedIssue has been reviewed and confirmed to be present or accepted to be implementedtype/bug
@wxiaoguang

Description

@wxiaoguang
wxiaoguang
opened on Dec 2, 2021 · edited by wxiaoguang
Contributor

Gitea Version

1.16 (or maybe 1.15 also)

Can you reproduce the bug on the Gitea demo site?

Yes

Description

2021/12/02 10:08:04 Started HEAD /website.rar for 150.158.12.71:0
2021/12/02 10:08:04 routers/web/base.go:130:1() [E] PANIC: runtime error: invalid memory address or nil pointer dereference
	/usr/local/go/src/runtime/panic.go:221 (0x44bda6)
	/usr/local/go/src/runtime/signal_unix.go:735 (0x44bd76)
	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/middleware/get_head.go:14 (0x1cab5ed)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/modules/web/route.go:113 (0x1c7f2a5)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/modules/context/context.go:770 (0x14bcd10)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:71 (0x14a92ac)
	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:314 (0x14aac5b)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:442 (0x14ab475)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/routers/web/base.go:169 (0x1e5aeba)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/vendor/gitea.com/go-chi/session/session.go:257 (0x128621d)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/modules/public/public.go:42 (0x132b67b)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:71 (0x14a92ac)
	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:314 (0x14aac5b)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:442 (0x14ab475)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/routers/common/middleware.go:75 (0x1cb29c1)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/routers/common/logger.go:23 (0x1cb0564)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/middleware/strip.go:30 (0x1cae6b8)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/vendor/github.com/chi-middleware/proxy/middleware.go:37 (0x1caab76)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/routers/common/middleware.go:28 (0x1cb2819)
	/usr/local/go/src/net/http/server.go:2046 (0x77378e)
	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:88 (0x14a9261)
	/Users/xiaoguang/work/gitea/modules/web/route.go:328 (0x1c8210d)
	/usr/local/go/src/net/http/server.go:2878 (0x776cfa)
	/usr/local/go/src/net/http/server.go:1929 (0x772867)
	/usr/local/go/src/runtime/asm_amd64.s:1581 (0x468c80)

~$ curl -v -X HEAD https://try.gitea.io/upload.rar
> HEAD /upload.rar HTTP/2
> Host: try.gitea.io
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/2 500
< content-type: text/html; charset=UTF-8
< date: Thu, 02 Dec 2021 09:32:50 GMT
< set-cookie: i_like_gitea=7397572287ba4645; Path=/; HttpOnly; SameSite=Lax
< set-cookie: _csrf=QZd6RrYkCx62ISmgltdnDZOpivM6MTYzODQzNzU3MDQyOTM5OTk4OA; Path=/; Expires=Fri, 03 Dec 2021 09:32:50 GMT; HttpOnly; SameSite=Lax
< set-cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
< x-frame-options: SAMEORIGIN
<

Activity

wxiaoguang
added
type/bug
issue/confirmedIssue has been reviewed and confirmed to be present or accepted to be implemented
on Dec 2, 2021
lunny

lunny commented on Dec 2, 2021

@lunny
lunny
on Dec 2, 2021
Member

Looks like it's a upstream issue https://github.com/go-chi/chi .

mscherer

mscherer commented on Dec 2, 2021

@mscherer
mscherer
on Dec 2, 2021
Contributor

For the record, I can't reproduce on 1.15.6

zeripath

zeripath commented on Dec 2, 2021

@zeripath
zeripath
on Dec 2, 2021
Contributor

This is interesting. After searching the context key should have been set however:

	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/middleware/get_head.go:14 (0x1cab5ed)

Compare with:

	/Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:71 (0x14a92ac)

The problem is that the context that get_head looks for is the non v5 version.

We need a v5 version of the middleware.

zeripath
added a commit that references this issue on Dec 2, 2021

Update chi/middleware to chi/v5/middleware

35c78c9
zeripath
mentioned this on Dec 2, 2021
zeripath

zeripath commented on Dec 2, 2021

@zeripath
zeripath
on Dec 2, 2021
Contributor

Got it!

6543
closed this as completedin #17888on Dec 2, 2021
6543
added a commit that references this issue on Dec 2, 2021

Update chi/middleware to chi/v5/middleware (#17888)

957c3fc
Chianina
added a commit that references this issue on Mar 28, 2022

Update chi/middleware to chi/v5/middleware (go-gitea#17888)

da1437c
go-gitea
locked and limited conversation to collaborators on Apr 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    issue/confirmedIssue has been reviewed and confirmed to be present or accepted to be implementedtype/bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @lunny@mscherer@zeripath@wxiaoguang

      Issue actions
        Invalid HEAD request causes 500 Internal Error with panic · Issue #17880 · go-gitea/gitea