gin icon indicating copy to clipboard operation
gin copied to clipboard

Published 20 hours ago verified publisher icon gin-gonic

fix Request.Context() checks

Open bvidosits opened this issue 2 years ago • 11 comments

Fixes nil pointer dereference panic introduced here: https://github.com/gin-gonic/gin/pull/3172 Closes https://github.com/gin-gonic/gin/issues/3343 Closes https://github.com/gin-gonic/gin/issues/3581 Closes https://github.com/gin-gonic/gin/issues/3483 Closes https://github.com/gin-gonic/gin/issues/3178

c.engine.ContextWithFallback check panics in Deadline(), Done(), Err() and Value() when c.engine is nil.

  • With pull requests:
    • [x] Open your pull request against master
    • [x] Your pull request should have no more than two commits, if not you should squash them.
    • [x] It should pass all tests in the available continuous integration systems such as GitHub Actions.
    • [x] You should add/modify tests to cover your proposed code changes.
    • [x] If your pull request contains a new feature, please document it on the README.

bvidosits avatar Feb 25 '23 12:02 bvidosits

Codecov Report

Merging #3512 (81c6b90) into master (6a0556e) will decrease coverage by 0.38%. The diff coverage is 100.00%.

:exclamation: Current head 81c6b90 differs from pull request most recent head f6e9c8c. Consider uploading reports for the commit f6e9c8c to get more accurate results

@@            Coverage Diff             @@
##           master    #3512      +/-   ##
==========================================
- Coverage   99.01%   98.63%   -0.38%     
==========================================
  Files          42       42              
  Lines        3151     3155       +4     
==========================================
- Hits         3120     3112       -8     
- Misses         21       29       +8     
- Partials       10       14       +4
Flag Coverage Δ
98.63% <100.00%> (-0.38%) :arrow_down:
go-1.18 98.54% <100.00%> (-0.38%) :arrow_down:
go-1.19 98.63% <100.00%> (-0.38%) :arrow_down:
go-1.20 98.63% <100.00%> (-0.38%) :arrow_down:
macos-latest 98.63% <100.00%> (-0.38%) :arrow_down:
ubuntu-latest 98.63% <100.00%> (-0.38%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
context.go 97.98% <100.00%> (+0.01%) :arrow_up:

... and 1 file with indirect coverage changes

codecov[bot] avatar Feb 26 '23 11:02 codecov[bot]

Looks very good😁

monkey92t avatar Feb 27 '23 07:02 monkey92t

this bug was imported from #3172 before checking c.engine.ContextWithFallback, c.engine should be checked. also solved #3285

@thinkerou please merge this pr, for this bug has been imported for more than 2 versions. it cause inconsitant result:

<= 1.8.0 works fine
>= 1.8.1 sadly a panic

Laotree avatar Mar 30 '23 10:03 Laotree

@javierprovecho @appleboy @thinkerou what needs to be done in order to merge this in? would like to be able to upgrade past gin 1.8.0 😅

for anyone that runs into this when creating an empty gin context, using gin.CreateTestContext will give you a context that doesn't panic upon attempting to retrieve a nonexistent context value.

i still think that this PR should be merged, as the current check is faulty and panics.

dhoizner avatar May 09 '23 14:05 dhoizner

This is a need now due to CVE-2023-26125 we can no longer just stay at version 1.8.0 to avoid this problem.

kennburger avatar May 10 '23 17:05 kennburger

@appleboy please review, thanks!

thinkerou avatar May 24 '23 08:05 thinkerou

Thanks, everyone!

jcburley avatar May 29 '23 03:05 jcburley

could not wait for the coming of v1.10 👍

Laotree avatar May 29 '23 03:05 Laotree

wait #3620 thanks all!

thinkerou avatar May 29 '23 04:05 thinkerou