Couldn't find what causing the nil pointor dereference

CrypticWizard · December 20, 2019, 4:06pm

The Error:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x48 pc=0x63f3a3]

goroutine 79 [running]:
main.Checker(0xc00000e260, 0xc000016de0, 0x15, 0xc00001e240)
/home/wizard/Desktop/go/src/github.com/wp-install/check.go:97 +0x333
created by main.main
/home/wizard/Desktop/go/src/github.com/wp-install/check.go:48 +0x315
exit status 2

My Code:
package main

import (
	"bufio"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"os"
	"strings"
	"sync"
	"time"

	"github.com/anikhasibul/queue"
)

const (
	maxFileDescriptors = 6000
)

var wg sync.WaitGroup
var q = queue.New(1000)

func main() {
	file, err := os.Open("list.txt")
	if err != nil {
		log.Fatal(err)
	}
	defer file.Close()
	outfile, err := os.Create("urls.txt")
	if err != nil {
		log.Fatal(err)
	}
	defer outfile.Close()
	results := make(chan string)
	go func() {
		for output := range results {
			fmt.Fprintln(outfile, output)
		}
		close(results)

	}()

	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		wg.Add(1)
		q.Add()
		go Checker(q, scanner.Text(), results)

	}
	wg.Wait()

	if err := scanner.Err(); err != nil {
		log.Fatal(err)
	}
}

// CleanUp Recovers
func CleanUp() {
	if r := recover(); r != nil {
	}
}

// Checker Checks the vulnerbility of Wordpress Installation Vulnerbility
func Checker(q *queue.Q, url string, results chan string) {
	defer q.Done()
	defer wg.Done()
	// defer CleanUp()
	if url == "" {

	}
	sub := []string{"/", "/blog/", "/wp/", "/wordpress/"}
	fixed := []string{"wp-admin/install.php", "wp-admin/setup-config.php"}
	for _, ls := range sub {
		parent := url + ls
		for _, ms := range fixed {
			mainurl := parent + ms
			client := &http.Client{
				Timeout: 5 * time.Second,
				CheckRedirect: func(req *http.Request, via []*http.Request) error {
					return http.ErrUseLastResponse
				},
			}
			req, err := http.NewRequest(
				http.MethodGet,
				mainurl,
				nil,
			)
			if err != nil {
				fmt.Print("DEAD")
			}
			req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0")
			res, err := client.Do(req)
			if err != nil {
				fmt.Println("DEAD")
			}
			body, err := ioutil.ReadAll(res.Body)

			if err != nil {
				fmt.Println("Couldn't Read")
			}
			defer res.Body.Close()
			ch := string(body)
			if strings.Contains(ch, "Select a default language") {
				results <- mainurl
				fmt.Printf("[FOUND] %s\n", mainurl)
			}
			fmt.Printf("[NOT FOUND] %s\n", mainurl)

		}
	}

}

Where is the defer leak? Need Solution

calmh · December 20, 2019, 5:18pm

It’s on line 97:

I didn’t go through your code to figure out precisely which line that is, but you have lots of error checking like this:

req, err := http.NewRequest(
    http.MethodGet,
    mainurl,
    nil,
)
if err != nil {
    fmt.Print("DEAD")
}
req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0")

If you get an error here, and consequentely a nil req, you will just print “DEAD” and then crash with a nil dereference on the req.Header... line. Don’t do that. You need to actually bail or otherwise handle the error, not just print something and march onwards pretending it didn’t happen.