lib: fix an out of bounds panic in the server v1 PROPOSED

Daniel Martí: 1
 lib: fix an out of bounds panic in the server

 1 files changed, 1 insertions(+), 0 deletions(-)

Export patchset (mbox)

[PATCH] lib: fix an out of bounds panic in the server Export this patch

If the message doesn't contain ':', we don't properly discard the
message, so we end up slicing it like msg[:-1].

This can be reproduced if one runs 'aerc foo', as the server receives
'foo' as the message.

'aerc foo' still doesn't do anything very user friendly, but at least it
doesn't panic horribly.

Signed-off-by: Daniel Martí <mvdan@mvdan.cc>
---
 lib/socket.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/socket.go b/lib/socket.go
index d5db3dc..e8b8db4 100644
--- a/lib/socket.go
+++ b/lib/socket.go
@@ -63,6 +63,7 @@ func (as *AercServer) handleClient(conn net.Conn) {
 		msg := scanner.Text()
 		if !strings.ContainsRune(msg, ':') {
 			conn.Write([]byte("error: invalid command\n"))
+			continue
 		}
 		as.logger.Printf("unix:%d: got message %s", clientId, msg)

Reto

8 days ago

Can you put the logging above the continue please? That way the user at least sees what was going on instead of just "invalid command"

Daniel Martí

8 days ago

Sure, good idea. I'll send a v2.

git-send-email noob here, btw - is there a way to reply to this, plus
send a v2 patch, in a single email? Without having to copy-paste your
quote above, or otherwise do manual steps.

https://git-send-email.io/#step-4 does cover this scenario, but as far
as I can tell it's going to be a new email thread.

Hi, thanks for the patch

 		prefix := msg[:strings.IndexRune(msg, ':')]
-- 
2.25.0

View this thread in the archives