summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorDaniel Martí <mvdan@mvdan.cc>2020-02-13 09:25:55 +0000
committerDrew DeVault <sir@cmpwn.com>2020-02-13 10:26:12 -0500
commit72f55b857b90af85625defd5f048fbb23bbc4595 (patch)
tree7e60fcd8dcac6cba9d7c3fe6442e6fc51e31b41c
parenta82fa2bf23e58a024bf9fcd4ca8dc3d9160d3cba (diff)
downloadaerc-72f55b857b90af85625defd5f048fbb23bbc4595.tar.gz
lib: fix an out of bounds panic in the server
If the message doesn't contain ':', we don't properly discard the
message, so we end up slicing it like msg[:-1].

This can be reproduced if one runs 'aerc foo', as the server receives
'foo' as the message.

'aerc foo' still doesn't do anything very user friendly, but at least it
doesn't panic horribly.

While at it, do the 'got message' log at the very beginning, so that the
user can see what message the server got before reporting the command as
invalid.

Signed-off-by: Daniel Martí <mvdan@mvdan.cc>
-rw-r--r--lib/socket.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/socket.go b/lib/socket.go
index d5db3dc..cdf0f73 100644
--- a/lib/socket.go
+++ b/lib/socket.go
@@ -61,10 +61,11 @@ func (as *AercServer) handleClient(conn net.Conn) {
 	for scanner.Scan() {
 		conn.SetDeadline(time.Now().Add(1 * time.Minute))
 		msg := scanner.Text()
+		as.logger.Printf("unix:%d: got message %s", clientId, msg)
 		if !strings.ContainsRune(msg, ':') {
 			conn.Write([]byte("error: invalid command\n"))
+			continue
 		}
-		as.logger.Printf("unix:%d: got message %s", clientId, msg)
 		prefix := msg[:strings.IndexRune(msg, ':')]
 		switch prefix {
 		case "mailto":