gocialite icon indicating copy to clipboard operation
gocialite copied to clipboard

Published 20 hours ago verified publisher icon danilopolani

Gocial Dispatcher overflow

Open j-forster opened this issue 5 years ago • 1 comments

When creating a new Gocial at gocialite.go#L32 , the instance is put into the Dispatchers Gocial map at gocialite.go#L37.

The instance is only freed at Dispatcher.Handle which is done in the callbackHandler (see Readme). If the callbackHandler is not called (if the user closes the tab or the browser or simply navigates back) the Gocial instance is never freed and will result in a memory overflow.

If done on purpose, this bug will crash the golang server. It's a serious security issue.

j-forster avatar Sep 02 '19 19:09 j-forster

Bump that's certainly an issue and seems related to: #8

Being able to store and retrieve the state from a persistence layer seems like the logical way to solve the problem as we don't want to keep that in-memory throughout the whole flow.

mar1n3r0 avatar Feb 29 '20 16:02 mar1n3r0