From ead47b0ab39c5819aee207cda536531a8e44ddc7 Mon Sep 17 00:00:00 2001
From: Andy Pan <panjf2000@gmail.com>
Date: Thu, 4 Jan 2024 15:28:14 +0800
Subject: [PATCH] net/http: respond with 400 Bad Request for empty hex number
 of chunk length

Fixes #64517

Change-Id: I78b8a6a83301deee05c3ff052a6adcd1f965aef2
Reviewed-on: https://go-review.googlesource.com/c/go/+/553835
Auto-Submit: Damien Neil <dneil@google.com>
Commit-Queue: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
---
 src/net/http/internal/chunked.go      | 3 +++
 src/net/http/internal/chunked_test.go | 1 +
 2 files changed, 4 insertions(+)

diff --git a/src/net/http/internal/chunked.go b/src/net/http/internal/chunked.go
index aad8e5aa09..c0fa4ccac7 100644
--- a/src/net/http/internal/chunked.go
+++ b/src/net/http/internal/chunked.go
@@ -263,6 +263,9 @@ type FlushAfterChunkWriter struct {
 }
 
 func parseHexUint(v []byte) (n uint64, err error) {
+	if len(v) == 0 {
+		return 0, errors.New("empty hex number for chunk length")
+	}
 	for i, b := range v {
 		switch {
 		case '0' <= b && b <= '9':
diff --git a/src/net/http/internal/chunked_test.go b/src/net/http/internal/chunked_test.go
index b99090c1f8..af79711781 100644
--- a/src/net/http/internal/chunked_test.go
+++ b/src/net/http/internal/chunked_test.go
@@ -153,6 +153,7 @@ func TestParseHexUint(t *testing.T) {
 		{"00000000000000000", 0, "http chunk length too large"}, // could accept if we wanted
 		{"10000000000000000", 0, "http chunk length too large"},
 		{"00000000000000001", 0, "http chunk length too large"}, // could accept if we wanted
+		{"", 0, "empty hex number for chunk length"},
 	}
 	for i := uint64(0); i <= 1234; i++ {
 		tests = append(tests, testCase{in: fmt.Sprintf("%x", i), want: i})
-- 
2.50.0