From efef44c2f9939f8095247da56018bda711e14801 Mon Sep 17 00:00:00 2001
From: Hugo Wetterberg
Date: Tue, 5 Jan 2021 20:16:33 +0100
Subject: [PATCH] server: abort request handling on bad requests

A request to a hostname that hasn't been registered with the server currently results in a nil pointer deref panic in server.go:215 as request handling continues even if ReadRequest() returns an error. This change changes all if-else error handling in Server.respond() to a WriteStatus-call and early return. This makes it clear when request handling is aborted (and actually aborts when ReadRequest() fails).
---
 server.go | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/server.go b/server.go
index 5643dcd..1f9078a 100644
--- a/server.go
+++ b/server.go
@@ -188,27 +188,29 @@ func (s *Server) respond(conn net.Conn) {
 req, err := ReadRequest(conn)
 if err != nil {
 w.WriteStatus(StatusBadRequest)
- } else {
- // Store information about the TLS connection
- if tlsConn, ok := conn.(*tls.Conn); ok {
- req.TLS = tlsConn.ConnectionState()
- if len(req.TLS.PeerCertificates) > 0 {
- peerCert := req.TLS.PeerCertificates[0]
- // Store the TLS certificate
- req.Certificate = &tls.Certificate{
- Certificate: [][]byte{peerCert.Raw},
- Leaf: peerCert,
- }
+ return
+ }
+
+ // Store information about the TLS connection
+ if tlsConn, ok := conn.(*tls.Conn); ok {
+ req.TLS = tlsConn.ConnectionState()
+ if len(req.TLS.PeerCertificates) > 0 {
+ peerCert := req.TLS.PeerCertificates[0]
+ // Store the TLS certificate
+ req.Certificate = &tls.Certificate{
+ Certificate: [][]byte{peerCert.Raw},
+ Leaf: peerCert,
 }
 }
 }
 
 resp := s.responder(req)
- if resp != nil {
- resp.Respond(w, req)
- } else {
+ if resp == nil {
 w.WriteStatus(StatusNotFound)
+ return
 }
+
+ resp.Respond(w, req)
 }
 
 func (s *Server) responder(r *Request) Responder {
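Review bot: Nothing visible in this hunk contains a panic to the single connection, so any other nil deref reached through `s.responder(req)` or `resp.Respond(w, req)` would presumably still take the whole server down, as the one fixed here did for a bad request. The opening lines of `respond` are outside the hunk; if no recover is installed there, consider `defer func() { if r := recover(); r != nil { /* log r; this connection only */ } }()` before `ReadRequest` is called. The new `return` in the `if err != nil` branch also discards `err`; recording it through whatever logger the server already has would make repeated malformed requests visible to an operator. A regression test that feeds `respond` a request `ReadRequest` rejects and asserts a `StatusBadRequest` reply without a panic would pin the fix.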