BUG: Insufficient locking in cmd/ssh3-server

francoismichel / ssh3

SSH3: faster and rich secure shell using HTTP/3, checkout our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/

https://arxiv.org/abs/2312.08396

Apache License 2.0

3.18k stars 81 forks source link

BUG: Insufficient locking in cmd/ssh3-server #80

Closed Yawning closed 5 months ago

Yawning commented 6 months ago

Server.conversationHandler is called from the HTTP3 server's handler in a per-connection go routine.

The handler in cmd/ssh3-server, mutates global state.

Golang maps require synchronization for concurrent writes and/or concurrent reads + writes. The server appears to do both.

francoismichel commented 6 months ago

Thanks for the feedback ! I'll have a serious look at it after holidays. :-)