Commit e534196
fix(server/mcp): guard nil dereference in sseManager.get (#2557)
## Description
`sseManager.get()` unconditionally accesses `session.lastActive` after a
map lookup, even when the session ID doesn't exist. Since the zero value
for a `*sseSession` pointer is `nil`, this causes a nil pointer
dereference panic at runtime.
This can happen when a client sends a request with a stale or invalid
`sessionId` query parameter — for example, after a network reconnection
or if a session was cleaned up by `cleanupRoutine`.
## Changes
Add an `ok` guard before accessing `session.lastActive`:
```go
session, ok := m.sseSessions[id]
if ok {
session.lastActive = time.Now()
}
```
## Test
Added `TestSseManagerGetNonExistentSession` that calls `get()` with a
non-existent ID and verifies it returns `nil, false` without panicking.
Fixes #2548
Co-authored-by: Wenxin Du <117315983+duwenxin99@users.noreply.github.com>1 parent fcaac9b commit e534196
2 files changed
Lines changed: 19 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
61 | 61 | | |
62 | 62 | | |
63 | 63 | | |
64 | | - | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
65 | 67 | | |
66 | 68 | | |
67 | 69 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1168 | 1168 | | |
1169 | 1169 | | |
1170 | 1170 | | |
| 1171 | + | |
| 1172 | + | |
| 1173 | + | |
| 1174 | + | |
| 1175 | + | |
| 1176 | + | |
| 1177 | + | |
| 1178 | + | |
| 1179 | + | |
| 1180 | + | |
| 1181 | + | |
| 1182 | + | |
| 1183 | + | |
| 1184 | + | |
| 1185 | + | |
| 1186 | + | |
0 commit comments