Kick clients that incorrectly KEXes to prevent crash
Spixa opened this issue · comments
Since unwrap is called on lib.rs:109:
// get encrypted aes key
let mut enc_aes_key = [0_u8; 512];
stream.read_exact(&mut enc_aes_key).unwrap();
If you connect with a dummy client that just does nothing, the server expects to receive aes key but there is nothing to receive and the server crashes
A way to fix this is instead of calling unwrap, use a match expression and kick client on Err
Also this is just the first detected crash that is caused by the .unwrap()
assumption of the client being sane, so other possible crashes done by a bad client should be fixed as well
thanks
hello my lad; i have this funky usage of .unwrap()
, my apologies for using unwrap in a library, it was truly the biggest of oversights on my end.
the function now returns a result and retries on wouldblock, meaning it will be a good function, please enjoy and thank you for the report.