Skip to content

fix: prevent crash in authenticate() when register() fails#56

Open
toddr-bot wants to merge 2 commits into
mainfrom
koan.toddr.bot/fix-authenticate-crash
Open

fix: prevent crash in authenticate() when register() fails#56
toddr-bot wants to merge 2 commits into
mainfrom
koan.toddr.bot/fix-authenticate-crash

Conversation

@toddr-bot

Copy link
Copy Markdown
Contributor

What

Fix two bugs in the Core.pm network layer: a crash in authenticate() and a socket leak in disconnect().

Why

When a Razor server returns error 213 (unknown user), authenticate() tries to re-register. If register() fails (returns undef), the code immediately dereferences the return value as a hashref ($id->{user}), causing a fatal crash. This affects users whose identity is lost on the server side — instead of a graceful error, the client dies.

The disconnect() method also had a bug: it passed closesock=0 to _send() and then deleted the socket reference without actually closing it. The IO::Select object still held a reference, leaking the file descriptor until GC. The comment "# _send closes socket" was misleading.

How

  • Added ref($id) eq 'HASH' guard before dereferencing register()'s return value
  • Made disconnect() explicitly close the socket, remove it from IO::Select, and clear all connection state (sock, select, connected_to)

Testing

  • New t/core.t with tests for both bugs
  • Full test suite passes (182 tests)

🤖 Generated with Claude Code

@toddr toddr marked this pull request as ready for review May 26, 2026 22:24
@toddr

toddr commented May 26, 2026

Copy link
Copy Markdown
Member

@toddr-bot rebase

@toddr toddr self-assigned this May 26, 2026
authenticate() dereferences the return value of register() as a hashref
without checking if it's actually a reference. When register() fails
(returning undef), this causes a fatal error:
"Can't use an undefined value as a HASH ref"

Also fix disconnect() to properly close the socket and clean up the
IO::Select reference and connection state. Previously, the socket was
never explicitly closed — the comment "# _send closes socket" was wrong
since closesock=0 was passed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@toddr-bot

Copy link
Copy Markdown
Contributor Author

Rebase with requested adjustments

Branch koan.toddr.bot/fix-authenticate-crash was rebased onto main and review feedback was applied.

Stats

2 files changed, 63 insertions(+), 2 deletions(-)
Actions performed
  • Already-solved check: skipped (JSON parse error)
  • Resolved merge conflicts (1 round(s))
  • Rebased koan.toddr.bot/fix-authenticate-crash onto origin/main
  • Pre-push CI check: previous run passed
  • Force-pushed koan.toddr.bot/fix-authenticate-crash to origin
  • CI check enqueued in ## CI (async)

CI status

CI will be checked asynchronously.


Automated by Kōan

@toddr-bot toddr-bot force-pushed the koan.toddr.bot/fix-authenticate-crash branch from 7922aae to 7fe5493 Compare May 26, 2026 22:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants