server: abort request handling on bad requests

A request to a hostname that hasn't been registered with the server currently results in a nil pointer deref panic in server.go:215 as request handling continues even if ReadRequest() returns an error. This change changes all if-else error handling in Server.respond() to a WriteStatus-call and early return. This makes it clear when request handling is aborted (and actually aborts when ReadRequest() fails).
2024-11-23 12:42:13 +01:00 · 2021-01-05 20:16:33 +01:00 · 2021-01-05 20:16:33 +01:00 · 010ce903ea
commit 010ce903ea
parent 10c87efbc1
1 changed files with 16 additions and 14 deletions
--- a/server.go
+++ b/server.go
@ -188,27 +188,29 @@ func (s *Server) respond(conn net.Conn) {
 	req, err := ReadRequest(conn)
 	if err != nil {
 		w.WriteStatus(StatusBadRequest)
-	} else {
-		// Store information about the TLS connection
-		if tlsConn, ok := conn.(*tls.Conn); ok {
-			req.TLS = tlsConn.ConnectionState()
-			if len(req.TLS.PeerCertificates) > 0 {
-				peerCert := req.TLS.PeerCertificates[0]
-				// Store the TLS certificate
-				req.Certificate = &tls.Certificate{
-					Certificate: [][]byte{peerCert.Raw},
-					Leaf:        peerCert,
-				}
+		return
+	}
+
+	// Store information about the TLS connection
+	if tlsConn, ok := conn.(*tls.Conn); ok {
+		req.TLS = tlsConn.ConnectionState()
+		if len(req.TLS.PeerCertificates) > 0 {
+			peerCert := req.TLS.PeerCertificates[0]
+			// Store the TLS certificate
+			req.Certificate = &tls.Certificate{
+				Certificate: [][]byte{peerCert.Raw},
+				Leaf:        peerCert,
 			}
 		}
 	}

 	resp := s.responder(req)
-	if resp != nil {
-		resp.Respond(w, req)
-	} else {
+	if resp == nil {
 		w.WriteStatus(StatusNotFound)
+		return
 	}
+
+	resp.Respond(w, req)
 }

 func (s *Server) responder(r *Request) Responder {