andyleap / go-ssb

GNU General Public License v3.0
42 stars 13 forks source link

Slice bounds out of range #5

Closed kseistrup closed 7 years ago

kseistrup commented 7 years ago

I often see this backtrace:

*panic: runtime error: slice bounds out of range

goroutine 14 [running]:
github.com/cryptix/secretstream/secrethandshake.(*State).verifyClientAuth(0x1420ba40, 0x360f5e30, 0x70, 0x70, 0x70)
    /var/local/src/go/src/github.com/cryptix/secretstream/secrethandshake/state.go:177 +0x458
github.com/cryptix/secretstream/secrethandshake.Server(0x1420ba40, 0x592618, 0x2741b8a0, 0x592618, 0x2741b8a0)
    /var/local/src/go/src/github.com/cryptix/secretstream/secrethandshake/conn.go:124 +0x23c
github.com/cryptix/secretstream.ServerOnce(0x594d80, 0x2741b8a0, 0x983efd48, 0x93f844d9, 0xe562cf18, 0xce78189a, 0xa668c6b8, 0xc0313c1d, 0xa319f876, 0x19658a6a, ...)
    /var/local/src/go/src/github.com/cryptix/secretstream/server.go:59 +0xcc
github.com/cryptix/secretstream.Listener.Accept(0x593278, 0x1096f088, 0x10977ab0, 0x593278, 0x1096f088, 0x10a44980, 0x10977ab0)
    /var/local/src/go/src/github.com/cryptix/secretstream/net.go:55 +0xb8
github.com/cryptix/secretstream.(*Listener).Accept(0x10a44980, 0x93f844d9, 0xe562cf18, 0xce78189a, 0xa668c6b8)
    <autogenerated>:18 +0x5c
github.com/andyleap/go-ssb/gossip.Replicate.func1(0x10a10dc0)
    /var/local/src/go/src/github.com/andyleap/go-ssb/gossip/gossip.go:215 +0x11c
created by github.com/andyleap/go-ssb/gossip.Replicate
    /var/local/src/go/src/github.com/andyleap/go-ssb/gossip/gossip.go:224 +0x2c

go version go1.8.1 linux/arm on armv7 (but also seen on x86_64).

andyleap commented 7 years ago

Issue is in github.com/cryptix/secretstream, fixing from my side would be contraindicated. Preliminary fix available at https://github.com/cryptix/secretstream/pull/6