Crash when unwrapping `NIOLoopBound` from responder without sufficient EL checks
Lukasa opened this issue · 0 comments
Lukasa commented
In #3057 many changes got made like the ones in HTTPServerHandler
that look fundamentally like this:
This code is not sound. Specifically, the code fails to ensure that the future that is returned from respond(to:)
is bound to the same event loop as the one that this request came in on. This can happen in lots of ways, but it's most common when interacting with databases or other tools, which can end up giving futures that resolve on other threads. This can lead to a crash unwrapping the NIOLoopBound
.
These changes need to be accompanied with a call to hop(to:)
on the ELF to ensure that you are on the correct thread before unwrapping the loop-bound.