Double Free in Chi with Basic Auth

A Double Free in the Chi router occurs when the same underlying memory is freed more than once during request handling. When paired with Basic Auth, the interaction can expose or exacerbate the condition because middleware runs on every matched route, including authenticated routes, and may allocate and later free objects such as context values or authentication state.

In Chi, Basic Auth is commonly implemented as a middleware that inspects the Authorization header, decodes credentials, and attaches user information to the request context. If the middleware allocates a user object or copies header values into the context and then calls next.ServeHTTP, the downstream handlers may also allocate or wrap context values. A Double Free can arise if both the middleware and a handler (or two handlers in the chain) attempt to release the same pointer, for example when a context value and a corresponding cleanup function both try to free a shared C-allocated memory structure via CGO, or when two middleware layers each call a destructor on the same object stored in the context.

During a Black-box scan with middleBrick, unauthenticated attack surface testing can trigger authentication-protected routes by injecting malformed or missing credentials, causing Chi to route through the Basic Auth middleware and exposing the request path that leads to the double deallocation. The scanner detects outcomes such as crashes, panics, or unexpected HTTP status codes that indicate memory safety issues. Because Chi routes are matched at runtime, misconfigured route-level middleware can repeatedly allocate and free the same resource across retries or concurrent requests, increasing the likelihood of a detectable Double Free under load.

To illustrate, consider a Chi route tree where the root route uses Basic Auth middleware and a subroute uses a custom handler that also interacts with context values. If the middleware stores a pointer in the context and the handler retrieves and frees it, and then the middleware’s deferred cleanup also attempts to free the same pointer, a Double Free occurs. This pattern is more likely when context values are passed across middleware layers or when integration with external libraries that manage their own memory introduces shared ownership.

Using middleBrick, teams can identify routes with overlapping middleware and handler allocations by reviewing per-category findings for Unsafe Consumption and BFLA/Privilege Escalation. The scanner runs multiple probes to test authenticated and unauthenticated paths in parallel, helping to surface routes where Basic Auth and Chi routing interact in ways that risk memory corruption.

Remediation focuses on ensuring that memory is owned and freed by a single, clearly defined layer. Avoid storing pointers in the Chi context that are also freed by middleware or downstream handlers. Prefer value copies or immutable data, and ensure cleanup logic is centralized.

Example 1: Safe Basic Auth middleware without shared ownership

In this example, the middleware decodes credentials, validates them, and attaches only primitive or immutable values to the context. No pointer is passed that could be double-freed by downstream code.

import (
    "context"
    "net/http"
    "strings"

    "github.com/go-chi/chi/v5"
    "github.com/go-chi/chi/v5/middleware"
)

func BasicAuth(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        user, pass, ok := r.BasicAuth()
        if !ok || !validate(user, pass) {
            http.Error(w, "Unauthorized", http.StatusUnauthorized)
            return
        }
        // Attach immutable values, not pointers that could be double-freed
        ctx := context.WithValue(r.Context(), "user", user)
        next.ServeHTTP(w, r.WithContext(ctx))
    })
}

func validate(user, pass string) bool {
    // Replace with secure credential validation
    return user == "admin" && pass == "secret"
}

func main() {
    r := chi.NewRouter()
    r.Use(middleware.RequestID)
    r.Use(middleware.Recoverer)
    r.Use(BasicAuth)

    r.Get("/secure", func(w http.ResponseWriter, r *http.Request) {
        user, _ := r.Context().Value("user").(string)
        // Use user value; no pointer stored that could be freed twice
        w.Write([]byte("Hello, " + user))
    })

    http.ListenAndServe(":8080", r)
}

Example 2: Centralized cleanup with a once-per-request pattern

When you must allocate resources, tie ownership to the request lifecycle using middleware-level initialization and cleanup, and avoid freeing the same resource in handlers.

import (
    "context"
    "fmt"
    "net/http"

    "github.com/go-chi/chi/v5"
)

type stateKey struct{}

func WithState(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        // Allocate once per request
        state := make(map[string]interface{})
        ctx := context.WithValue(r.Context(), stateKey{}, state)
        // Ensure cleanup happens after the request is done
        defer func() {
            // Safe: state is owned exclusively by this middleware frame
            fmt.Println("cleaning up state")
        }()
        next.ServeHTTP(w, r.WithContext(ctx))
    })
}

func handler(w http.ResponseWriter, r *http.Request) {
    state, _ := r.Context().Value(stateKey{}).(map[string]interface{})
    state["msg"] = "processed"
    w.Write([]byte("ok"))
}

func main() {
    r := chi.NewRouter()
    r.Use(WithState)
    r.Get("/", handler)
    http.ListenAndServe(":8080", r)
}

These patterns reduce the risk of Double Free by eliminating shared ownership of pointers across middleware and handlers. When integrating with external libraries that use CGO or manage their own memory, ensure that only one component is responsible for freeing a given allocation.

Use middleBrick to verify that routes with Basic Auth do not produce findings in Unsafe Consumption or BFLA/Privilege Escalation categories. The scanner’s parallel checks can highlight routes where remediation is still needed.