net/http: restore Transport's Request.Body byte sniff in limited cases

In Go 1.8, we'd removed the Transport's Request.Body
one-byte-Read-sniffing to disambiguate between non-nil Request.Body
with a ContentLength of 0 or -1. Previously, we tried to see whether a
ContentLength of 0 meant actually zero, or just an unset by reading a
single byte of the Request.Body and then stitching any read byte back
together with the original Request.Body.

That historically has caused many problems due to either data races,
blocking forever (#17480), or losing bytes (#17071). Thus, we removed
it in both HTTP/1 and HTTP/2 in Go 1.8. Unfortunately, during the Go
1.8 beta, we've found that a few people have gotten bitten by the
behavior change on requests with methods typically not containing
request bodies (e.g. GET, HEAD, DELETE). The most popular example is
the aws-go SDK, which always set http.Request.Body to a non-nil value,
even on such request methods. That was causing Go 1.8 to send such
requests with Transfer-Encoding chunked bodies, with zero bytes,
confusing popular servers (including but limited to AWS).

This CL partially reverts the no-byte-sniffing behavior and restores
it only for GET/HEAD/DELETE/etc requests, and only when there's no
Transfer-Encoding set, and the Content-Length is 0 or -1.

Updates #18257 (aws-go) bug
And also private bug reports about non-AWS issues.

Updates #18407 also, but haven't yet audited things enough to declare
it fixed.

Change-Id: Ie5284d3e067c181839b31faf637eee56e5738a6a
Reviewed-on: https://go-review.googlesource.com/34668
Run-TryBot: Brad Fitzpatrick <[email protected]>
TryBot-Result: Gobot Gobot <[email protected]>
Reviewed-by: Ian Lance Taylor <[email protected]>

Author: bradfitz

src/net/http/request.go

@@ -341,6 +341,18 @@ func (r *Request) ProtoAtLeast(major, minor int) bool {
 		r.ProtoMajor == major && r.ProtoMinor >= minor
 }
 
+// protoAtLeastOutgoing is like ProtoAtLeast, but is for outgoing
+// requests (see issue 18407) where these fields aren't supposed to
+// matter.  As a minor fix for Go 1.8, at least treat (0, 0) as
+// matching HTTP/1.1 or HTTP/1.0.  Only HTTP/1.1 is used.
+// TODO(bradfitz): ideally remove this whole method. It shouldn't be used.
+func (r *Request) protoAtLeastOutgoing(major, minor int) bool {
+	if r.ProtoMajor == 0 && r.ProtoMinor == 0 && major == 1 && minor <= 1 {
+		return true
+	}
+	return r.ProtoAtLeast(major, minor)
+}
+
 // UserAgent returns the client's User-Agent, if sent in the request.
 func (r *Request) UserAgent() string {
 	return r.Header.Get("User-Agent")
@@ -600,6 +612,12 @@ func (req *Request) write(w io.Writer, usingProxy bool, extraHeaders Header, wai
 		}
 	}
 
+	if bw, ok := w.(*bufio.Writer); ok && tw.FlushHeaders {
+		if err := bw.Flush(); err != nil {
+			return err
+		}
+	}
+
 	// Write body and trailer
 	err = tw.WriteBody(w)
 	if err != nil {
@@ -1299,3 +1317,18 @@ func (r *Request) outgoingLength() int64 {
 	}
 	return -1
 }
+
+// requestMethodUsuallyLacksBody reports whether the given request
+// method is one that typically does not involve a request body.
+// This is used by the Transport (via
+// transferWriter.shouldSendChunkedRequestBody) to determine whether
+// we try to test-read a byte from a non-nil Request.Body when
+// Request.outgoingLength() returns -1. See the comments in
+// shouldSendChunkedRequestBody.
+func requestMethodUsuallyLacksBody(method string) bool {
+	switch method {
+	case "GET", "HEAD", "DELETE", "OPTIONS", "PROPFIND", "SEARCH":
+		return true
+	}
+	return false
+}

src/net/http/requestwrite_test.go

@@ -5,14 +5,17 @@
 package http
 
 import (
+	"bufio"
 	"bytes"
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
+	"net"
 	"net/url"
 	"strings"
 	"testing"
+	"time"
 )
 
 type reqWriteTest struct {
@@ -566,6 +569,138 @@ func TestRequestWrite(t *testing.T) {
 	}
 }
 
+func TestRequestWriteTransport(t *testing.T) {
+	t.Parallel()
+
+	matchSubstr := func(substr string) func(string) error {
+		return func(written string) error {
+			if !strings.Contains(written, substr) {
+				return fmt.Errorf("expected substring %q in request: %s", substr, written)
+			}
+			return nil
+		}
+	}
+
+	noContentLengthOrTransferEncoding := func(req string) error {
+		if strings.Contains(req, "Content-Length: ") {
+			return fmt.Errorf("unexpected Content-Length in request: %s", req)
+		}
+		if strings.Contains(req, "Transfer-Encoding: ") {
+			return fmt.Errorf("unexpected Transfer-Encoding in request: %s", req)
+		}
+		return nil
+	}
+
+	all := func(checks ...func(string) error) func(string) error {
+		return func(req string) error {
+			for _, c := range checks {
+				if err := c(req); err != nil {
+					return err
+				}
+			}
+			return nil
+		}
+	}
+
+	type testCase struct {
+		method string
+		clen   int64 // ContentLength
+		body   io.ReadCloser
+		want   func(string) error
+
+		// optional:
+		init         func(*testCase)
+		afterReqRead func()
+	}
+
+	tests := []testCase{
+		{
+			method: "GET",
+			want:   noContentLengthOrTransferEncoding,
+		},
+		{
+			method: "GET",
+			body:   ioutil.NopCloser(strings.NewReader("")),
+			want:   noContentLengthOrTransferEncoding,
+		},
+		{
+			method: "GET",
+			clen:   -1,
+			body:   ioutil.NopCloser(strings.NewReader("")),
+			want:   noContentLengthOrTransferEncoding,
+		},
+		// A GET with a body, with explicit content length:
+		{
+			method: "GET",
+			clen:   7,
+			body:   ioutil.NopCloser(strings.NewReader("foobody")),
+			want: all(matchSubstr("Content-Length: 7"),
+				matchSubstr("foobody")),
+		},
+		// A GET with a body, sniffing the leading "f" from "foobody".
+		{
+			method: "GET",
+			clen:   -1,
+			body:   ioutil.NopCloser(strings.NewReader("foobody")),
+			want: all(matchSubstr("Transfer-Encoding: chunked"),
+				matchSubstr("\r\n1\r\nf\r\n"),
+				matchSubstr("oobody")),
+		},
+		// But a POST request is expected to have a body, so
+		// no sniffing happens:
+		{
+			method: "POST",
+			clen:   -1,
+			body:   ioutil.NopCloser(strings.NewReader("foobody")),
+			want: all(matchSubstr("Transfer-Encoding: chunked"),
+				matchSubstr("foobody")),
+		},
+		{
+			method: "POST",
+			clen:   -1,
+			body:   ioutil.NopCloser(strings.NewReader("")),
+			want:   all(matchSubstr("Transfer-Encoding: chunked")),
+		},
+		// Verify that a blocking Request.Body doesn't block forever.
+		{
+			method: "GET",
+			clen:   -1,
+			init: func(tt *testCase) {
+				pr, pw := io.Pipe()
+				tt.afterReqRead = func() {
+					pw.Close()
+				}
+				tt.body = ioutil.NopCloser(pr)
+			},
+			want: matchSubstr("Transfer-Encoding: chunked"),
+		},
+	}
+
+	for i, tt := range tests {
+		if tt.init != nil {
+			tt.init(&tt)
+		}
+		req := &Request{
+			Method: tt.method,
+			URL: &url.URL{
+				Scheme: "http",
+				Host:   "example.com",
+			},
+			Header:        make(Header),
+			ContentLength: tt.clen,
+			Body:          tt.body,
+		}
+		got, err := dumpRequestOut(req, tt.afterReqRead)
+		if err != nil {
+			t.Errorf("test[%d]: %v", i, err)
+			continue
+		}
+		if err := tt.want(string(got)); err != nil {
+			t.Errorf("test[%d]: %v", i, err)
+		}
+	}
+}
+
 type closeChecker struct {
 	io.Reader
 	closed bool
@@ -672,3 +807,76 @@ func TestRequestWriteError(t *testing.T) {
 		t.Fatalf("writeCalls constant is outdated in test")
 	}
 }
+
+// dumpRequestOut is a modified copy of net/http/httputil.DumpRequestOut.
+// Unlike the original, this version doesn't mutate the req.Body and
+// try to restore it. It always dumps the whole body.
+// And it doesn't support https.
+func dumpRequestOut(req *Request, onReadHeaders func()) ([]byte, error) {
+
+	// Use the actual Transport code to record what we would send
+	// on the wire, but not using TCP.  Use a Transport with a
+	// custom dialer that returns a fake net.Conn that waits
+	// for the full input (and recording it), and then responds
+	// with a dummy response.
+	var buf bytes.Buffer // records the output
+	pr, pw := io.Pipe()
+	defer pr.Close()
+	defer pw.Close()
+	dr := &delegateReader{c: make(chan io.Reader)}
+
+	t := &Transport{
+		Dial: func(net, addr string) (net.Conn, error) {
+			return &dumpConn{io.MultiWriter(&buf, pw), dr}, nil
+		},
+	}
+	defer t.CloseIdleConnections()
+
+	// Wait for the request before replying with a dummy response:
+	go func() {
+		req, err := ReadRequest(bufio.NewReader(pr))
+		if err == nil {
+			if onReadHeaders != nil {
+				onReadHeaders()
+			}
+			// Ensure all the body is read; otherwise
+			// we'll get a partial dump.
+			io.Copy(ioutil.Discard, req.Body)
+			req.Body.Close()
+		}
+		dr.c <- strings.NewReader("HTTP/1.1 204 No Content\r\nConnection: close\r\n\r\n")
+	}()
+
+	_, err := t.RoundTrip(req)
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+// delegateReader is a reader that delegates to another reader,
+// once it arrives on a channel.
+type delegateReader struct {
+	c chan io.Reader
+	r io.Reader // nil until received from c
+}
+
+func (r *delegateReader) Read(p []byte) (int, error) {
+	if r.r == nil {
+		r.r = <-r.c
+	}
+	return r.r.Read(p)
+}
+
+// dumpConn is a net.Conn that writes to Writer and reads from Reader.
+type dumpConn struct {
+	io.Writer
+	io.Reader
+}
+
+func (c *dumpConn) Close() error                       { return nil }
+func (c *dumpConn) LocalAddr() net.Addr                { return nil }
+func (c *dumpConn) RemoteAddr() net.Addr               { return nil }
+func (c *dumpConn) SetDeadline(t time.Time) error      { return nil }
+func (c *dumpConn) SetReadDeadline(t time.Time) error  { return nil }
+func (c *dumpConn) SetWriteDeadline(t time.Time) error { return nil }