agate

Simple gemini server for static files
git clone https://github.com/mbrubeck/agate.git
Log | Files | Refs | README
commit eec057515d24ddcb993e1f2cfb694bab26fbf442
parent 782e0430832cde12339edb732ebe8989f376e8e9
Author: Johann150 <johann.galle@protonmail.com>
Date:   Tue, 23 Mar 2021 23:25:04 +0100

finish up for merge

Diffstat:

MREADME.md | 4++++


Msrc/certificates.rs | 7++++---


Mtests/tests.rs | 3+--


3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
@@ -180,6 +180,10 @@ The "error:" part will only be logged if an error occurred. This should only be 
 
 There are some lines apart from these that might occur in logs depending on the selected log level. For example the initial "Listening on..." line or information about listing a particular directory.
 
+## Security considerations
+
+If you want to run agate on a multi-user system, you should be aware that all certificate and key data is loaded into memory and stored there until the server stops. Since the memory is also not explicitly overwritten or zeroed after use, the sensitive data might stay in memory after the server has terminated.
+
 [Gemini]: https://gemini.circumlunar.space/
 [Rust]: https://www.rust-lang.org/
 [home]: gemini://qwertqwefsday.eu/agate.gmi
diff --git a/src/certificates.rs b/src/certificates.rs
@@ -194,9 +194,10 @@ impl CertStore {
             // length of either a or b and the for loop will not decide.
             for (a_part, b_part) in a.split('.').rev().zip(b.split('.').rev()) {
                 if a_part != b_part {
-                    // What we sort by here is not really important, but `str`
-                    // already implements Ord, making it easier for us.
-                    return a_part.cmp(b_part);
+                    // Here we have to make sure that the empty string will
+                    // always be sorted to the end, so we reverse the usual
+                    // ordering of str.
+                    return a_part.cmp(b_part).reverse();
                 }
             }
             // Sort longer domains first.
diff --git a/tests/tests.rs b/tests/tests.rs
@@ -81,8 +81,7 @@ impl Drop for Server {
             // a potential error message was not yet handled
             self.stop().unwrap();
         } else if self.output.is_some() {
-            // error was already handled, ignore it
-            self.stop().unwrap_or(());
+            // server was already stopped
         } else {
             // we are panicking and a potential error was not handled
             self.stop().unwrap_or_else(|e| eprintln!("{:?}", e));