External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-18 11:55:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6321 from hdm/bug/various-race-conditions

Browse Source 
Address race conditions in http.Request and MemGuardian
This commit is contained in:
Mzack9999 2025-07-15 15:19:02 +02:00 committed by GitHub
commit 3e9bee7400
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/protocols/common/protocolstate/memguardian.go
View File

@ -16,9 +16,12 @@ var (
MaxBytesBufferAllocOnLowMemory = env.GetEnvOrDefault("MEMGUARDIAN_ALLOC", 0) MaxBytesBufferAllocOnLowMemory = env.GetEnvOrDefault("MEMGUARDIAN_ALLOC", 0)
memTimer *time.Ticker memTimer *time.Ticker
cancelFunc context.CancelFunc cancelFunc context.CancelFunc
muGlobalChange sync.Mutex
) )
func StartActiveMemGuardian(ctx context.Context) { func StartActiveMemGuardian(ctx context.Context) {
muGlobalChange.Lock()
defer muGlobalChange.Unlock()
if memguardian.DefaultMemGuardian == nil || memTimer != nil { if memguardian.DefaultMemGuardian == nil || memTimer != nil {
return return
} }
@ -42,6 +45,9 @@ func StartActiveMemGuardian(ctx context.Context) {
} }
func StopActiveMemGuardian() { func StopActiveMemGuardian() {
muGlobalChange.Lock()
defer muGlobalChange.Unlock()
if memguardian.DefaultMemGuardian == nil { if memguardian.DefaultMemGuardian == nil {
return return
} }
@ -73,8 +79,6 @@ func GuardThreadsOrDefault(current int) int {
return 1 return 1
} }
var muGlobalChange sync.Mutex
// Global setting // Global setting
func GlobalGuardBytesBufferAlloc() error { func GlobalGuardBytesBufferAlloc() error {
if !muGlobalChange.TryLock() { if !muGlobalChange.TryLock() {

6
pkg/protocols/http/request.go
View File

@ -864,8 +864,10 @@ func (request *Request) executeRequest(input *contextargs.Context, generatedRequ
var curlCommand string var curlCommand string
if !request.Unsafe && resp != nil && generatedRequest.request != nil && resp.Request != nil && !request.Race { if !request.Unsafe && resp != nil && generatedRequest.request != nil && resp.Request != nil && !request.Race {
bodyBytes, _ := generatedRequest.request.BodyBytes() bodyBytes, _ := generatedRequest.request.BodyBytes()
resp.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes)) // Use a clone to avoid a race condition with the http transport
command, err := http2curl.GetCurlCommand(generatedRequest.request.Request) req := resp.Request.Clone(resp.Request.Context())
req.Body = io.NopCloser(bytes.NewReader(bodyBytes))
command, err := http2curl.GetCurlCommand(req)
if err == nil && command != nil { if err == nil && command != nil {
curlCommand = command.String() curlCommand = command.String()
} }

3
pkg/protocols/http/utils.go
View File

@ -12,7 +12,8 @@ import (
// dump creates a dump of the http request in form of a byte slice // dump creates a dump of the http request in form of a byte slice
func dump(req *generatedRequest, reqURL string) ([]byte, error) { func dump(req *generatedRequest, reqURL string) ([]byte, error) {
if req.request != nil { if req.request != nil {
bin, err := req.request.Dump() // Use a clone to avoid a race condition with the http transport
bin, err := req.request.Clone(req.request.Context()).Dump()
if err != nil { if err != nil {
return nil, errorutil.NewWithErr(err).WithTag("http").Msgf("could not dump request: %v", req.request.String()) return nil, errorutil.NewWithErr(err).WithTag("http").Msgf("could not dump request: %v", req.request.String())
} }