Double Free in Fiber

Double free vulnerabilities in Fiber applications typically occur when a developer manually manages memory or handles request data that gets freed multiple times. In Go applications built with Fiber, this often happens through improper error handling in middleware chains, where a response body is closed more than once, or through incorrect handling of request-scoped resources.

A common Fiber-specific pattern involves middleware that wraps the response writer. Consider this problematic middleware:

func loggingMiddleware(c *fiber.Ctx) error {
    // Start timer
    start := time.Now()
    
    // Call next handler
    err := c.Next()
    
    // Log duration
    log.Printf("Request took %v", time.Since(start))
    
    // Problematic: closing response body here AND in final handler
    if c.Response().Body != nil {
        c.Response().Body.Close()
    }
    
    return err
}

The issue here is that c.Response().Body.Close() might be called both in this middleware and in the final handler, leading to a double free when the garbage collector attempts to clean up the same memory region twice.

Another Fiber-specific scenario involves improper handling of multipart form data:

func uploadHandler(c *fiber.Ctx) error {
    // Parse multipart form
    form, err := c.MultipartForm()
    if err != nil {
        return err
    }
    
    // Process files
    files := form.File["documents"]
    for _, file := range files {
        // Open file
        f, err := file.Open()
        if err != nil {
            return err
        }
        defer f.Close() // Problematic: defer in loop
        
        // Process file content
        content, err := ioutil.ReadAll(f)
        if err != nil {
            return err
        }
        
        // Store file (hypothetical)
        storeFile(file.Filename, content)
    }
    
    return c.SendStatus(fiber.StatusOK)
}

The defer statement inside the loop creates multiple close operations on the same file handle if the loop iterates more than once, potentially causing double free conditions when the garbage collector processes these handles.

Detecting double free vulnerabilities in Fiber applications requires both static analysis and runtime monitoring. middleBrick's black-box scanning approach is particularly effective because it can identify memory management issues through behavioral analysis without requiring source code access.

middleBrick scans Fiber endpoints by sending requests that trigger different code paths and monitors for memory corruption indicators. The scanner specifically looks for:

• Response body handling patterns that might lead to double closure
• Middleware chains where resources are managed across multiple layers
• Multipart form processing with nested defer statements
• Database connection pooling with improper release patterns

During a scan, middleBrick sends crafted requests to Fiber endpoints and analyzes the responses for anomalies. For example, it might send a multipart request with multiple files to the upload handler shown above and monitor for:

middlebrick scan https://api.example.com/upload \
  --method POST \
  --form "[email protected]" \
  --form "[email protected]" \
  --form "[email protected]"

The scanner then analyzes the response timing, error codes, and any memory-related anomalies to identify potential double free conditions.

For development-time detection, Fiber developers can use Go's built-in race detector combined with comprehensive test coverage:

go test -race ./...
go run -race main.go

The race detector will flag suspicious memory access patterns, though it may not catch all double free scenarios since they don't always manifest as data races.

Fixing double free vulnerabilities in Fiber applications requires careful resource management and understanding of Go's garbage collection behavior. Here are Fiber-specific remediation patterns:

For the logging middleware issue, the correct approach is to let Fiber handle response body management:

func loggingMiddleware(c *fiber.Ctx) error {
    start := time.Now()
    
    // Let Fiber handle the response lifecycle
    err := c.Next()
    
    log.Printf("Request took %v", time.Since(start))
    
    return err
}

Notice that we removed the c.Response().Body.Close() call. Fiber automatically manages response body lifecycle when using its built-in response methods like c.Send(), c.JSON(), or c.SendFile().

For the multipart form handler, the fix involves proper resource management without defer in loops:

func uploadHandler(c *fiber.Ctx) error {
    form, err := c.MultipartForm()
    if err != nil {
        return err
    }
    
    files := form.File["documents"]
    for _, file := range files {
        f, err := file.Open()
        if err != nil {
            return err
        }
        
        // Process file content
        content, err := ioutil.ReadAll(f)
        if err != nil {
            f.Close() // Explicit close on error
            return err
        }
        
        // Store file
        storeFile(file.Filename, content)
        
        // Close file - single close per handle
        f.Close()
    }
    
    return c.SendStatus(fiber.StatusOK)
}

This pattern ensures each file handle is closed exactly once, eliminating the double free risk.

For database operations in Fiber, use connection pools properly:

func getUserHandler(c *fiber.Ctx) error {
    db, err := sql.Open("postgres", dsn)
    if err != nil {
        return err
    }
    defer db.Close() // Single close for the pool
    
    var user User
    row := db.QueryRow("SELECT * FROM users WHERE id = $1", c.Params("id"))
    
    err = row.Scan(&user.ID, &user.Name, &user.Email)
    if err != nil {
        return err
    }
    
    return c.JSON(user)
}

The key principle: each resource should have exactly one owner responsible for its cleanup. Never call cleanup methods on resources you didn't explicitly allocate, and avoid defer statements in loops or conditional branches where multiple paths might attempt cleanup.