From 2e2ea4f3f06b170aa2f512d05a57ffcdcee32ede Mon Sep 17 00:00:00 2001
From: Captain Mirage <87281406+CaptainMirage@users.noreply.github.com>
Date: Sat, 16 May 2026 16:52:57 +0330
Subject: [PATCH] fix(domain-fronting): guard fallback JSON extraction

Reject malformed fallback relay responses where JSON brace positions are inverted instead of slicing with invalid bounds.
---
 src/domain_fronter.rs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/domain_fronter.rs b/src/domain_fronter.rs
index b66db04..2c1ac5e 100644
--- a/src/domain_fronter.rs
+++ b/src/domain_fronter.rs
@@ -3036,6 +3036,12 @@ impl DomainFronter {
 let end = text.rfind('}').ok_or_else(|| {
 FronterError::BadResponse("no json end in tunnel response".into())
 })?;
+ if start > end {
+ return Err(FronterError::BadResponse(format!(
+ "no valid json object in: {}",
+ &text.chars().take(200).collect::()
+ )));
+ }
 &text[start..=end]
 };
 Ok(serde_json::from_str(json_str)?)
@@ -3204,6 +3210,12 @@ impl DomainFronter {
 let end = text.rfind('}').ok_or_else(|| {
 FronterError::BadResponse("no json end in batch response".into())
 })?;
+ if start > end {
+ return Err(FronterError::BadResponse(format!(
+ "no valid json object in: {}",
+ &text.chars().take(200).collect::()
+ )));
+ }
 &text[start..=end]
 };
 // Don't log payload content. Batch responses carry base64-encoded
@@ -4580,6 +4592,12 @@ fn parse_relay_json(body: &[u8]) -> Result, FronterError> {
 &text.chars().take(200).collect::()
 ))
 })?;
+ if start > end {
+ return Err(FronterError::BadResponse(format!(
+ "no valid json object in: {}",
+ &text.chars().take(200).collect::()
+ )));
+ }
 serde_json::from_str(&text[start..=end])?
 }
 }
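Review bot: The new `BadResponse` in the tunnel hunk (new line 3039 onward) interpolates the first 200 characters of the relay response into the error string, while the neighbouring error in the same block is a fixed string (`"no json end in tunnel response"`). The batch hunk at 3210 does the same, and its trailing context comment reads "Don't log payload content", so if these errors are logged or surfaced to a caller (not visible here) the guard would place relayed payload bytes exactly where that comment says they should not go. A fixed message keeps the rejection without the excerpt: `return Err(FronterError::BadResponse("json braces out of order in tunnel response".into()));`, with the batch wording at the second site. The enclosing method starts and ends outside the hunk.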
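Review bot: The six-line `if start > end` guard is pasted verbatim here, in the tunnel hunk at 3036 and in `parse_relay_json` at 4592, so the brace-slicing logic now exists in three copies that can drift apart the next time one of them is touched. A small private helper would hold it once, for example `fn json_object_span(text: &str) -> Option<&str>` that locates both braces and returns `(s < e).then(|| &text[s..=e])`, with each call site mapping `None` to its own `BadResponse`. This assumes `start` comes from a forward search for `{`, which the commit message implies but none of the hunks show.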
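Review bot: No regression test accompanies the guard; the diffstat's 18 insertions are exactly the three six-line checks. `parse_relay_json` takes a plain `&[u8]`, so the inverted-brace case can be pinned directly with a constructed body, for example `assert!(matches!(parse_relay_json(b"} oops {"), Err(FronterError::BadResponse(_))));`, assuming such a body reaches this fallback branch (the earlier part of the function is outside the hunk). Without it, a later refactor of the slicing could silently bring back the out-of-order slice that this commit rejects.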