Fix critical bugs and security vulnerabilities
- Fix race condition in client cleanup by serializing operations
- Add proper nil checks in SendMessage for server/config
- Add semaphore to limit concurrent health check goroutines
- Reduce buffer size to RFC-compliant 512 bytes (was 4096)
- Add comprehensive input validation (length, null bytes, UTF-8)
- Improve SSL error handling with graceful degradation
- Replace unsafe conn.Close() with proper cleanup() calls
- Prevent goroutine leaks and memory exhaustion attacks
- Enhanced logging and error recovery throughout

These fixes address the freezing issues and improve overall server stability, security, and RFC compliance.
11
commands.go
11
commands.go
@@ -1096,11 +1096,8 @@ func (c *Client) handleQuit(parts []string) {
|
||||
}
|
||||
}
|
||||
|
||||
// Remove client from server
|
||||
c.server.RemoveClient(c)
|
||||
|
||||
// Close the connection
|
||||
c.conn.Close()
|
||||
// Use proper cleanup instead of direct connection close
|
||||
c.cleanup()
|
||||
}
|
||||
|
||||
// handleMode handles MODE command
|
||||
@@ -2080,8 +2077,8 @@ func (c *Client) handleKill(parts []string) {
|
||||
}
|
||||
}
|
||||
|
||||
// Disconnect the target
|
||||
target.conn.Close()
|
||||
// Disconnect the target properly
|
||||
target.cleanup()
|
||||
}
|
||||
|
||||
// handleOper handles OPER command
|
||||
|
||||
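Review bot: In handleKill, `target.cleanup()` now runs on the goroutine of the operator issuing KILL, while the target's own connection handler will presumably reach cleanup() as well once its read fails, so the call is only safe if cleanup() is idempotent and synchronized; its body is not in this section, so that cannot be confirmed from here. The same holds for `c.cleanup()` in handleQuit, which also drops the explicit `c.server.RemoveClient(c)` and therefore depends on cleanup() deregistering the client, otherwise a QUIT would leave a stale client registered on the server. I would state that contract at both call sites, e.g. `// cleanup is idempotent and goroutine-safe; it also removes the client from the server`, and guard the body of cleanup() with a `sync.Once` if it is not already. Both functions begin outside their hunks, so anything that touches the client after these calls is not visible here.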