Merge pull request #1779 from mholt/mitm-panic

mitm: Fix out of bounds error when checking software version in UA

Merge pull request #1779 from mholt/mitm-panic
mitm: Fix out of bounds error when checking software version in UA
76a28271 · Matt Holt · GitHub · 1366a446 · 10d5422c · 76a28271
Commit 76a28271 authored Jul 25, 2017 by Matt Holt Committed by GitHub Jul 25, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 47 additions and 0 deletions

caddyhttp/httpserver/mitm.go caddyhttp/httpserver/mitm.go +2 -0

caddyhttp/httpserver/mitm_test.go caddyhttp/httpserver/mitm_test.go +45 -0

No files found.
--- a/caddyhttp/httpserver/mitm.go
+++ b/caddyhttp/httpserver/mitm.go
@@ -112,6 +112,8 @@ func getVersion(ua, softwareName string) float64 {
 	end := strings.Index(ua[start:], " ")
 	if end < 0 {
 		end = len(ua)
+	} else {
+		end += start
 	}
 	strVer := strings.Replace(ua[start:end], "-", "", -1)
 	firstDot := strings.Index(strVer, ".")

--- a/caddyhttp/httpserver/mitm_test.go
+++ b/caddyhttp/httpserver/mitm_test.go
@@ -352,3 +352,48 @@ func TestHeuristicFunctionsAndHandler(t *testing.T) {
 		}
 	}
 }
+
+func TestGetVersion(t *testing.T) {
+	for i, test := range []struct {
+		UserAgent    string
+		SoftwareName string
+		Version      float64
+	}{
+		{
+			UserAgent:    "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0",
+			SoftwareName: "Firefox",
+			Version:      45.0,
+		},
+		{
+			UserAgent:    "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0 more_stuff_here",
+			SoftwareName: "Firefox",
+			Version:      45.0,
+		},
+		{
+			UserAgent:    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393",
+			SoftwareName: "Safari",
+			Version:      537.36,
+		},
+		{
+			UserAgent:    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393",
+			SoftwareName: "Chrome",
+			Version:      51.0270479,
+		},
+		{
+			UserAgent:    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393",
+			SoftwareName: "Mozilla",
+			Version:      5.0,
+		},
+		{
+			UserAgent:    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393",
+			SoftwareName: "curl",
+			Version:      -1,
+		},
+	} {
+		actual := getVersion(test.UserAgent, test.SoftwareName)
+		if actual != test.Version {
+			t.Errorf("Test [%d]: Expected version=%f, got version=%f for %s in '%s'",
+				i, test.Version, actual, test.SoftwareName, test.UserAgent)
+		}
+	}
+}