laantungir/c-relay
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 7 Wiki Activity

v0.7.17 - Fixed critical race condition in CLOSE message handler causing segfault during subscription storms

Browse Source
This commit is contained in:
Your Name
2025-10-15 09:10:18 -04:00
parent e833dcefd4
commit b041654611
3 changed files with 28 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/websockets.c
View File

@@ -895,10 +895,9 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
return 0;
}
// Remove from global manager
remove_subscription_from_manager(subscription_id, wsi);
// Remove from session list if present
// CRITICAL FIX: Remove from session list FIRST (while holding lock)
// to prevent race condition where global manager frees the subscription
// while we're still iterating through the session list
if (pss) {
pthread_mutex_lock(&pss->session_lock);
@@ -916,6 +915,10 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
pthread_mutex_unlock(&pss->session_lock);
}
// Remove from global manager AFTER removing from session list
// This prevents use-after-free when iterating session subscriptions
remove_subscription_from_manager(subscription_id, wsi);
// Subscription closed
} else {
send_notice_message(wsi, "error: missing or invalid subscription ID in CLOSE");