fix(apple): ignore malformed HTTP headers
See also golang/go#21290.

Fixes freswa#24.
leonklingele committed Mar 13, 2024
1 parent 836a75b commit 1c52af3
Showing 1 changed file with 47 additions and 4 deletions.
51 changes: 47 additions & 4 deletions pkg/apple_xserver_certs/http.go
@@ -1,11 +1,16 @@
package apple_xserver_certs

import (
"bufio"
"bytes"
"context"
"crypto/tls"
"encoding/pem"
"io"
"io/ioutil"
"log"
"net/http"
"time"
)

func NewCerts(username string, passwordhash string) *Certificates {
@@ -50,7 +55,6 @@ func handleResponse(certs *Certificates, response []byte) *Certificates {
}

func sendRequest(reqBody []byte, newCerts bool) (respBody []byte) {
client := &http.Client{}
r := bytes.NewReader(reqBody)
url := "https://identity.apple.com/pushcert/caservice/renew"
if newCerts {
@@ -67,12 +71,51 @@ func sendRequest(reqBody []byte, newCerts bool) (respBody []byte) {
req.Header.Set("Accept", "*/*")
req.Header.Set("Accept-Language", "en-us")

resp, err := client.Do(req)
req.Close = true

ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()

conn, err := new(tls.Dialer).DialContext(
ctx,
"tcp",
req.URL.Host+":443",
)
if err != nil {
log.Fatalln(err)
log.Fatalln(err) // TODO: Handle error properly
}
defer func() {
_ = conn.Close() //nolint:errcheck,gosec // Ignored on purpose
}()

if err := req.Write(conn); err != nil {
log.Fatalln(err) // TODO: Handle error properly
}

buf, err := io.ReadAll(io.LimitReader(conn, 1<<10))
if err != nil {
log.Fatalln(err) // TODO: Handle error properly
}

const (
cr = "\r"
nl = "\n"
)
for _, ign := range []string{
"1;: mode=block",
"max-age=31536000;: includeSubdomains",
} {
buf = bytes.Replace(buf, []byte(nl+ign+cr+nl), []byte(nl), 1)
}

resp, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(buf)), req)
if err != nil {
log.Fatalln(err) // TODO: Handle error properly
}
defer func() {
_ = resp.Body.Close() //nolint:errcheck,gosec // Ignored on purpose
}()

defer resp.Body.Close()
respBody, err = ioutil.ReadAll(resp.Body)
if err != nil {
log.Fatalln(err)
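Review bot: The read from the raw TLS connection in sendRequest has no deadline and a 1 KiB cap that covers headers and body together. The 10-second context only bounds `DialContext` (it stops applying once the connection is established), so `req.Write(conn)` and `io.ReadAll` can block indefinitely on a stalled peer; adding `_ = conn.SetDeadline(time.Now().Add(10 * time.Second))` after the dial error check would bound them. With `io.LimitReader(conn, 1<<10)` a longer reply is cut off without an error at that point and, depending on how the response is framed, presumably surfaces later as an unexpected EOF or as a truncated `respBody`; a named constant sized for the expected certificate payload, plus an explicit error when the limit is reached, would make that failure visible. sendRequest begins before this hunk and continues past it, so the handling of `respBody` is not visible here.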