Skip to content

fix(serve/auth): handle crypto/rand.Read error in signSession#5285

Merged
SivanCola merged 2 commits into
esengine:main-v2from
YoungDan-hero:dev-5
Jun 25, 2026
Merged

fix(serve/auth): handle crypto/rand.Read error in signSession#5285
SivanCola merged 2 commits into
esengine:main-v2from
YoungDan-hero:dev-5

Conversation

@YoungDan-hero

Copy link
Copy Markdown
Contributor

signSession() silently discarded the error from rand.Read, leaving the
session nonce all-zero on failure. While this does not directly bypass
authentication (forging a cookie still requires the PBKDF2-derived
sessKey), it weakens the unpredictability of password-mode session
cookies and is an explicit anti-pattern inconsistent with the same
file's generateToken() and sessionKeyForPasswordHash(), both of which
panic on rand.Read failure.

Now panics with a descriptive message, matching the existing convention.

signSession() silently discarded the error from rand.Read, leaving the
session nonce all-zero on failure. While this does not directly bypass
authentication (forging a cookie still requires the PBKDF2-derived
sessKey), it weakens the unpredictability of password-mode session
cookies and is an explicit anti-pattern inconsistent with the same
file's generateToken() and sessionKeyForPasswordHash(), both of which
panic on rand.Read failure.

Now panics with a descriptive message, matching the existing convention.
@github-actions github-actions Bot added the v2 Go rewrite (1.x) — main-v2 branch, active development label Jun 25, 2026
The rand.Read failure comment overstated the risk as making the cookie
'trivially forgeable and bypass authentication'. verifySession still
requires the PBKDF2-derived sessKey to produce a valid HMAC, so an
all-zero nonce is not an auth bypass; it weakens session token
uniqueness/unpredictability. Reword to match the accurate PR description
and avoid misleading future security review.

@SivanCola SivanCola left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved. Well-scoped, worthwhile hardening fix. signSession() was discarding the rand.Read error and falling back to an all-zero nonce; it now panics with a descriptive message, matching the existing generateToken() and sessionKeyForPasswordHash() convention in the same file.

Why this fits:

  • The error path is consistent with the file's established "crypto/rand.Read cannot fail on modern systems; panic" convention, rather than introducing a new silent-degradation behavior.
  • Scope is a single function in internal/serve/auth.go; no auth/session logic changed, no cache-sensitive prompt/tool surfaces touched.

The one thing I tightened was the new inline comment. The original wording said an all-zero nonce would make the cookie "trivially forgeable and bypass authentication," but verifySession still requires the PBKDF2-derived sessKey to produce a valid HMAC, so a constant nonce is not an auth bypass — it weakens session token uniqueness/unpredictability. Your PR description already had this exactly right; I pushed a one-line follow-up commit to make the code comment match it, so it doesn't mislead future security review. Original authorship on your commit is preserved.

Verified:

  • go test ./internal/serve passed
  • go vet ./internal/serve passed
  • gofmt -l internal/serve/auth.go clean
  • git diff --check clean

Thanks for catching and fixing this. Once CI stays green I'll merge it into main-v2.

@SivanCola SivanCola merged commit cc2019b into esengine:main-v2 Jun 25, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

v2 Go rewrite (1.x) — main-v2 branch, active development

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants