go-gitea / gitea


Invalid HEAD request causes 500 Internal Error with panic #17880

Closed wxiaoguang closed 2 years ago

wxiaoguang commented 2 years ago

Gitea Version

1.16 (or maybe 1.15 also)

Can you reproduce the bug on the Gitea demo site?

Yes

Description

2021/12/02 10:08:04 Started HEAD /website.rar for 150.158.12.71:0
2021/12/02 10:08:04 routers/web/base.go:130:1() [E] PANIC: runtime error: invalid memory address or nil pointer dereference
    /usr/local/go/src/runtime/panic.go:221 (0x44bda6)
    /usr/local/go/src/runtime/signal_unix.go:735 (0x44bd76)
    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/middleware/get_head.go:14 (0x1cab5ed)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/modules/web/route.go:113 (0x1c7f2a5)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/modules/context/context.go:770 (0x14bcd10)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:71 (0x14a92ac)
    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:314 (0x14aac5b)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:442 (0x14ab475)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/routers/web/base.go:169 (0x1e5aeba)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/vendor/gitea.com/go-chi/session/session.go:257 (0x128621d)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/modules/public/public.go:42 (0x132b67b)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:71 (0x14a92ac)
    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:314 (0x14aac5b)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:442 (0x14ab475)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/routers/common/middleware.go:75 (0x1cb29c1)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/routers/common/logger.go:23 (0x1cb0564)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/middleware/strip.go:30 (0x1cae6b8)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/vendor/github.com/chi-middleware/proxy/middleware.go:37 (0x1caab76)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/routers/common/middleware.go:28 (0x1cb2819)
    /usr/local/go/src/net/http/server.go:2046 (0x77378e)
    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:88 (0x14a9261)
    /Users/xiaoguang/work/gitea/modules/web/route.go:328 (0x1c8210d)
    /usr/local/go/src/net/http/server.go:2878 (0x776cfa)
    /usr/local/go/src/net/http/server.go:1929 (0x772867)
    /usr/local/go/src/runtime/asm_amd64.s:1581 (0x468c80)

    ~$ curl -v -X HEAD https://try.gitea.io/upload.rar
    > HEAD /upload.rar HTTP/2
    > Host: try.gitea.io
    > User-Agent: curl/7.64.1
    > Accept: */*
    >
    < HTTP/2 500
    < content-type: text/html; charset=UTF-8
    < date: Thu, 02 Dec 2021 09:32:50 GMT
    < set-cookie: i_like_gitea=7397572287ba4645; Path=/; HttpOnly; SameSite=Lax
    < set-cookie: _csrf=QZd6RrYkCx62ISmgltdnDZOpivM6MTYzODQzNzU3MDQyOTM5OTk4OA; Path=/; Expires=Fri, 03 Dec 2021 09:32:50 GMT; HttpOnly; SameSite=Lax
    < set-cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
    < x-frame-options: SAMEORIGIN
    <

lunny commented 2 years ago

Looks like it's an upstream issue: https://github.com/go-chi/chi

mscherer commented 2 years ago

For the record, I can't reproduce on 1.15.6.

zeripath commented 2 years ago

This is interesting. After searching, the context key should have been set; however:

    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/middleware/get_head.go:14 (0x1cab5ed)

Compare with:

    /Users/xiaoguang/work/gitea/vendor/github.com/go-chi/chi/v5/mux.go:71 (0x14a92ac)

The problem is that the context that get_head looks for is the non-v5 version.

We need a v5 version of the middleware.

zeripath commented 2 years ago

Got it!
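
The version mismatch diagnosed above, modelled as an added Go example (not code from the issue, Gitea or chi): a middleware built against one major version of a router reads the route context under its own key, gets nil from a v5 router, and panics on first use. The types, keys and `headStatus` helper are constructed stand-ins, and the nil guard is one possible defensive check, not the fix the project shipped.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed stand-ins: each library version declares its own context key.
type routeCtx struct{ RoutePath string }
type ctxKey struct{ name string }

var (
	keyV1 = &ctxKey{"RouteContext"} // key the old middleware package reads
	keyV5 = &ctxKey{"RouteContext"} // key the v5 router writes
)

// routerV5 models the v5 mux: it stores the route context under keyV5.
func routerV5(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ctx := context.WithValue(r.Context(), keyV5, &routeCtx{RoutePath: r.URL.Path})
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// headStatus sends HEAD through routerV5 into a middleware reading under readKey.
func headStatus(readKey *ctxKey, guard bool) (status int, panicked bool) {
	mw := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		rc, _ := r.Context().Value(readKey).(*routeCtx) // nil when keys differ
		if guard && rc == nil {
			http.Error(w, "route context missing", http.StatusInternalServerError)
			return
		}
		w.Header().Set("X-Route-Path", rc.RoutePath) // nil dereference if rc == nil
		w.WriteHeader(http.StatusNotFound)
	})
	defer func() { // models the recovery handler that turns a panic into a 500
		if recover() != nil {
			status, panicked = http.StatusInternalServerError, true
		}
	}()
	rec := httptest.NewRecorder()
	routerV5(mw).ServeHTTP(rec, httptest.NewRequest(http.MethodHead, "/website.rar", nil))
	return rec.Code, false
}

func main() {
	fmt.Println(headStatus(keyV1, false)) // mismatched versions: 500 true
	fmt.Println(headStatus(keyV5, false)) // matching versions: 404 false
}
```

Both keys carry the same name string, yet they are distinct pointers, so the lookup fails silently and only the later field access exposes it.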