Security: Fix concurrent map read & write in proxy CSS rewriter (GHSA-w4vj-r5pg-3722)

2026-06-27 22:46:09 +00:00 · 2026-05-12 16:43:15 +12:00
parent 35079d182c
commit 4ab532b9aa
1 changed files with 2 additions and 2 deletions
--- a/server/handlers/proxy.go
+++ b/server/handlers/proxy.go
@@ -213,14 +213,14 @@ func ProxyHandler(w http.ResponseWriter, r *http.Request) {
 			}

 			// store asset address against message ID
+			assetsMutex.Lock()
 			if result, ok := assets[id]; ok {
 				if !tools.InArray(address, result.Assets) {
-					assetsMutex.Lock()
 					result.Assets = append(result.Assets, address)
 					assets[id] = result
-					assetsMutex.Unlock()
 				}
 			}
+			assetsMutex.Unlock()

 			// encode with base64 to handle any special characters and group message ID with URL
 			encoded := base64.StdEncoding.EncodeToString([]byte(id + ":" + address))