From 72f55b857b90af85625defd5f048fbb23bbc4595 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Mart=C3=AD?= <mvdan@mvdan.cc>
Date: Thu, 13 Feb 2020 09:25:55 +0000
Subject: lib: fix an out of bounds panic in the server
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If the message doesn't contain ':', we don't properly discard the
message, so we end up slicing it like msg[:-1].

This can be reproduced if one runs 'aerc foo', as the server receives
'foo' as the message.

'aerc foo' still doesn't do anything very user friendly, but at least it
doesn't panic horribly.

While at it, do the 'got message' log at the very beginning, so that the
user can see what message the server got before reporting the command as
invalid.

Signed-off-by: Daniel Martí <mvdan@mvdan.cc>
---
 lib/socket.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/socket.go b/lib/socket.go
index d5db3dc..cdf0f73 100644
--- a/lib/socket.go
+++ b/lib/socket.go
@@ -61,10 +61,11 @@ func (as *AercServer) handleClient(conn net.Conn) {
 	for scanner.Scan() {
 		conn.SetDeadline(time.Now().Add(1 * time.Minute))
 		msg := scanner.Text()
+		as.logger.Printf("unix:%d: got message %s", clientId, msg)
 		if !strings.ContainsRune(msg, ':') {
 			conn.Write([]byte("error: invalid command\n"))
+			continue
 		}
-		as.logger.Printf("unix:%d: got message %s", clientId, msg)
 		prefix := msg[:strings.IndexRune(msg, ':')]
 		switch prefix {
 		case "mailto":
-- 
cgit v1.2.3