Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

panic: runtime error: invalid memory address or nil pointer dereference #480

Closed
z7701858 opened this issue Jan 8, 2022 · 8 comments · Fixed by #483 or #486
Closed

panic: runtime error: invalid memory address or nil pointer dereference #480

z7701858 opened this issue Jan 8, 2022 · 8 comments · Fixed by #483 or #486
Assignees
@Mzack9999
Labels
Priority: Medium This issue may be useful, and needs some attention. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
v1.1.5

Comments

@z7701858
Copy link

z7701858 commented Jan 8, 2022
edited
Loading

httpx version:[INF] Current Version: v1.1.4

Current Behavior:httpx -l target.txt -path "///////../../../../../../etc/passwd"

Expected Behavior:

image

Steps To Reproduce:

Run 'httpx -l target.txt -path "///////../../../../../../etc/passwd"'
See error
image

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0x9002d3]

goroutine 14 [running]:
github.com/projectdiscovery/httpx/runner.(*Runner).analyze(_, _, {_, _}, {_, _}, {_, _}, {0xc000eea780, 0x1b}, ...)
        /home/runner/work/httpx/httpx/runner/runner.go:874 +0xe93
github.com/projectdiscovery/httpx/runner.(*Runner).process.func1({0xc000eea780, 0x1b}, {0x9fe1ef, 0x3}, {0xa042ab, 0xa})
        /home/runner/work/httpx/httpx/runner/runner.go:651 +0x125
created by github.com/projectdiscovery/httpx/runner.(*Runner).process
        /home/runner/work/httpx/httpx/runner/runner.go:649 +0x965

Anything else:
@z7701858 z7701858 added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Jan 8, 2022
@slowmistio
Copy link

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0x1501253]

goroutine 291 [running]:
github.com/projectdiscovery/httpx/runner.(*Runner).analyze(_, , {, }, {, }, {, _}, {0xc00079e600, 0xe}, ...)
/home/runner/work/httpx/httpx/runner/runner.go:874 +0xe93
github.com/projectdiscovery/httpx/runner.(*Runner).process.func1({0xc00079e600, 0xe}, {0x16011f1, 0x3}, {0x160717e, 0xa})
/home/runner/work/httpx/httpx/runner/runner.go:651 +0x125
created by github.com/projectdiscovery/httpx/runner.(*Runner).process
/home/runner/work/httpx/httpx/runner/runner.go:649 +0x965

@ehsandeep ehsandeep added the Priority: Medium This issue may be useful, and needs some attention. label Jan 8, 2022
@atastycookie
Copy link 

➜ httpx -l REDACTED_DOMAIN_LIST.txt --path '////////////////../../../../../../../../etc/passwd' -status-code -mc 200 -ms 'root:'

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|
             /_/              v1.1.4

		projectdiscovery.io

Use with caution. You are responsible for your actions.
Developers assume no liability and are not responsible for any misuse or damage.
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0x15bed01]

goroutine 13 [running]:
github.com/projectdiscovery/httpx/runner.(*Runner).analyze(0xc000288500, 0xc0001b3090, 0x16eda67, 0xa, 0xc0001bd5c0, 0x11, 0x16e7a73, 0x3, 0xc0001bd5c0, 0x11, ...)
	/Users/REDACTED/go/pkg/mod/github.com/projectdiscovery/httpx@v1.1.4/runner/runner.go:874 +0x6d41
github.com/projectdiscovery/httpx/runner.(*Runner).process.func1(0xc0000e4fa0, 0xc000288500, 0xc0001b3090, 0xc0001bd5c0, 0x11, 0xc0000fe370, 0xc0000ea480, 0xc0001bd5c0, 0x11, 0x16e7a73, ...)
	/Users/REDACTED/go/pkg/mod/github.com/projectdiscovery/httpx@v1.1.4/runner/runner.go:651 +0xff
created by github.com/projectdiscovery/httpx/runner.(*Runner).process
	/Users/REDACTED/go/pkg/mod/github.com/projectdiscovery/httpx@v1.1.4/runner/runner.go:649 +0x785

@aviadhahami
Copy link

Hitting the same problem, can repro on Ubuntu

@oways
Copy link

oways commented Jan 9, 2022

Solved this issue by adding # at the end of the path

Example:

-path "///////../../../../../../../etc/passwd#"

@aviadhahami
Copy link

Solved this issue by adding # at the end of the path

Example:

-path "///////../../../../../../../etc/passwd#"

I think not, but dyt there's any impact on the parsers?

@oways
Copy link

oways commented Jan 9, 2022

httpx reading the content of the path that you provide locally first (in your pc) to check for multiple paths and if it is not valid it jumps to the second choice which is fetching for website path, this is why by adding # at the end will be a good workaround as it converts it to invalid local path and it does not effect the actual URI path.

In this case ///////../../../../../../../etc/passwd is a valid system file path for unix based systems

Check the following screenshot:

Screen Shot 2022-01-09 at 1 15 03 PM

And for the error yes it is related to parsing as the following value causing the error :*:/ which is part of passwd file:

Screen Shot 2022-01-09 at 1 26 59 PM

@Mzack9999 Mzack9999 self-assigned this Jan 10, 2022
@Mzack9999 Mzack9999 linked a pull request Jan 10, 2022 that will close this issue
Improving paths loading from file #483
Merged
@ehsandeep ehsandeep added this to the v1.1.5 milestone Jan 10, 2022
@ehsandeep ehsandeep added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Jan 10, 2022
@ehsandeep ehsandeep linked a pull request Jan 10, 2022 that will close this issue
v1.1.5 Release #486
Merged
@ehsandeep
Copy link
Member

This is now fixed with latest release - https://github.com/projectdiscovery/httpx/releases/tag/v1.1.5

@aviadhahami
Copy link

thx for the quick response @ehsandeep 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mzack9999 Mzack9999

Labels
Priority: Medium This issue may be useful, and needs some attention. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
v1.1.5
Development

Successfully merging a pull request may close this issue.

Improving paths loading from file projectdiscovery/httpx
v1.1.5 Release projectdiscovery/httpx
7 participants
@atastycookie @aviadhahami @ehsandeep @oways @Mzack9999 @slowmistio @z7701858