echo icon indicating copy to clipboard operation
echo copied to clipboard
verified publisher icon labstack

No check of length of parameter values

Open linux019 opened this issue 5 years ago • 7 comments

Issue Description

Checklist

  • [x] Dependencies installed
  • [x] No typos
  • [x] Searched existing issues and docs

Working code to debug

package main

import (
	"fmt"
	"github.com/labstack/echo"
)

func main() {
	e := echo.New()
	ctx := e.NewContext(nil, nil)
	ctx.SetParamNames("a")
	fmt.Println(ctx.ParamValues())
}

Version/commit

https://github.com/labstack/echo/blob/fc4b1c0a830f194bf6334d2b3e61d92cccebb2be/context.go#L316 - missing check

linux019 avatar Mar 10 '20 14:03 linux019

This should be fixed with PR #1535

lammel avatar Mar 30 '20 10:03 lammel

It seems the split between the names, values and the maxIndex is still causing problems.

I encountered problems before as described in this issue https://github.com/labstack/echo/issues/1258

This is my middleware:

// DecodeURIPath is a echo middleware that decodes path parameters
func DecodeURIPath(next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		newValues := make([]string, len(c.ParamValues()))
		for i, value := range c.ParamValues() {
			path, err := url.PathUnescape(value)
			if err != nil {
				path = value
			}
			newValues[i] = path
		}
		c.SetParamValues(newValues...)
		return next(c)
	}
}

During execution maxParam is 1, pnames empty and pvalues contains 1 entry with value "".

However, c.ParamValues() returns nothing because instead of the maxParam, it uses the length of pnames: https://github.com/labstack/echo/pull/1535/files#diff-05a3aa0ab9e5687ff167e0ef3ae4c5a6R316

After calling SetParamValues(newValues...) pvalues becomes an empty arrray. But remember, the maxParam is still set to 1.

Then the during the next request Reset https://github.com/labstack/echo/blob/master/context.go#L636 still uses this value to iterate over the pvalues and causes an

echo: http: panic serving 127.0.0.1:55010: runtime error: index out of range [0] with length 0

stevenvegt avatar May 04 '20 13:05 stevenvegt

FYI: adding the line:

c.SetParamNames(c.ParamNames()...)

Seems to fix my problem by resetting the maxParam value.

stevenvegt avatar May 04 '20 13:05 stevenvegt

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jul 03 '20 14:07 stale[bot]

A comment just to annoy out stale-bot and giving the echo team a bit of extra time to look at this problem :)

stevenvegt avatar Jul 07 '20 08:07 stevenvegt

We had the same issues in our tests where we are using ctx.Reset() which caused the index out of range panic on access to pvalues:

panic: runtime error: index out of range [0] with length 0 [recovered]

We are using a simple workaround in our test helpers now. Calling ctx.SetParamNames("") and ctx.SetParamValues("") before Reset() of the context ensure the length is set properly.

Example:

// Workaround required for echo v4.1.17, see GitHub #1531
h.Ctx.SetParamNames("")
h.Ctx.SetParamValues("")
h.Ctx.Reset(req, rec)

I will try to work out a PR to cleanup the param value handling and avoid the current pitfalls

lammel avatar Oct 01 '20 13:10 lammel

PR #1659 has been merged addressing the symptoms so echo should not panic anymore.

lammel avatar Dec 14 '20 13:12 lammel