🔒 [security fix] Handle serialization failures in daemon commands and socket communication. (#16)

- Replaced `.unwrap()` with proper error handling during JSON serialization in `GetStateCommand`, `GetTracksCommand`, and `GetFullStateCommand`. - Added error handling for malformed client requests in the daemon's main loop. - Ensured the daemon stays running even if serialization or deserialization fails. - Handled potential errors from `get_all_devices()`. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
2026-04-28 06:21:23 +00:00 · 2026-03-06 23:02:07 +03:00
parent 80a8b1a45f
commit 89ce111542
2 changed files with 43 additions and 8 deletions
@@ -95,7 +95,21 @@ async fn commands_loop(listener: UnixListener) -> Result<(), Box<dyn Error>> {
                return;
            }

-            let request: Request = serde_json::from_slice(&buffer).unwrap();
+            let request: Request = match serde_json::from_slice(&buffer) {
+                Ok(req) => req,
+                Err(err) => {
+                    let response =
+                        Response::new(false, format!("Failed to parse request: {}", err));
+                    let response_data = match serde_json::to_vec(&response) {
+                        Ok(data) => data,
+                        Err(_) => return, // Should not happen with this simple Response
+                    };
+                    let response_len = response_data.len() as u32;
+                    let _ = stream.write_all(&response_len.to_le_bytes()).await;
+                    let _ = stream.write_all(&response_data).await;
+                    return;
+                }
+            };
            // ---------- Read request (end) ----------

            // ---------- Generate response (start) ----------
@@ -109,7 +123,13 @@ async fn commands_loop(listener: UnixListener) -> Result<(), Box<dyn Error>> {
            // ---------- Generate response (end) ----------

            // ---------- Send response (start) ----------
-            let response_data = serde_json::to_vec(&response).unwrap();
+            let response_data = match serde_json::to_vec(&response) {
+                Ok(data) => data,
+                Err(err) => {
+                    eprintln!("Failed to serialize response: {}", err);
+                    return;
+                }
+            };
            let response_len = response_data.len() as u32;

            if stream.write_all(&response_len.to_le_bytes()).await.is_err() {