- pkg/transport/tls.go: check AppendCertsFromPEM return value and
return clear error when CA file contains no valid PEM certificates
- pkg/plugin/client/http2http.go: set ReadHeaderTimeout to 60s to
match other plugins and prevent slow header attacks
- pkg/plugin/client/http2https.go: same ReadHeaderTimeout fix
- pkg/util/net/websocket.go: store ln parameter in struct to prevent
nil pointer panic when Addr() is called
- pkg/auth/oidc.go: replace unsynchronized []string with map + RWMutex
for subjectsFromLogin to fix data race across concurrent connections
- pkg/nathole/nathole.go: add pool.PutBuf(buf) on ReadFromUDP error
and DecodeMessageInto error paths in waitDetectMessage
- pkg/proto/udp/udp.go: add defer pool.PutBuf(buf) in writerFn to
ensure buffer is returned when the goroutine exits
Fix connection leaks in multiple error paths across client and server:
- server/proxy/http: close tmpConn when WithEncryption fails
- client/proxy: close localConn when ProxyProtocol WriteTo fails
- client/visitor/sudp: close visitorConn on all error paths in getNewVisitorConn
- client/visitor/xtcp: close tunnelConn when WithEncryption fails
- client/visitor/xtcp: close lConn when NewKCPConnFromUDP fails
- pkg/plugin/client/unix_domain_socket: close localConn and connInfo.Conn when WriteTo fails, close connInfo.Conn when DialUnix fails
- pkg/plugin/client/tls2raw: close tlsConn when Handshake or Dial fails
Fix two bugs in TCPGroup.Listen():
- Release acquired port when net.Listen fails to prevent port leak
- Use realPort instead of port for net.Listen to ensure consistency
between port manager records and actual listening port
When frpc verify encounters config errors, the error messages now include
line/column information to help users locate problems:
- TOML syntax errors: report line and column from the TOML parser
(e.g., "toml: line 4, column 11: expected character ]")
- Type mismatch errors: report the field name and approximate line number
(e.g., "line 3: field \"proxies\": cannot unmarshal string into ...")
- File format detection: use file extension to determine format, preventing
silent fallthrough from TOML to YAML parser which produced confusing errors
Previously, a TOML file with syntax errors would silently fall through to the
YAML parser, which would misinterpret the content and produce unhelpful errors
like "json: cannot unmarshal string into Go value of type v1.ClientConfig".
https://claude.ai/code/session_017HWLfcXS3U2hLoy4dsg8Nv
Co-authored-by: Claude <noreply@anthropic.com>
* config: introduce ExecSource value source
* auth: introduce OidcTokenSourceAuthProvider
* auth: use OidcTokenSourceAuthProvider if tokenSource config is present on the client
* cmd: allow exec token source only if CLI flag was passed
The CloseNotifyConn.Close() function calls itself if the closeFlag is equal to 0 which would mean it would immediately swap the closeFlag value to 1 and never call closeFn. It is unclear what the intent of this call to cc.Close() was but I assume it was meant to be a call to close the Conn object instead.
* add proxy name label to the proxy_count metric
* undo label addition in favor of a new metric - this change should not break existing queries
* also register this new metric
* add type label to proxy_counts_detailed
* Update pkg/metrics/prometheus/server.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
