Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-17 10:15:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #782 from tanmayraut45/fix/active-streams-toctou

Browse Source 
Fix TOCTOU race in chat stream status endpoint
This commit is contained in:
PewDiePie
2026-06-02 09:42:07 +09:00
committed by GitHub
parent 564e1ae3ff 2d7d7b2412
commit 7187118aa6
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
routes/chat_routes.py
+6 -2
View File
@@ -920,11 +920,15 @@ def setup_chat_routes(
_verify_session_owner(request, session_id) _verify_session_owner(request, session_id)
# A detached run can still be going even if _active_streams was popped; # A detached run can still be going even if _active_streams was popped;
# report it as active so the client knows to reconnect via /resume. # report it as active so the client knows to reconnect via /resume.
if session_id not in _active_streams: # Read once via .get() to avoid a KeyError race between the membership
# check and the indexed read if a sibling stream's finally pops the
# entry in between (same pattern _stream_set already uses).
rec = _active_streams.get(session_id)
if rec is None:
if agent_runs.is_active(session_id): if agent_runs.is_active(session_id):
return {"status": "streaming", "detached": True} return {"status": "streaming", "detached": True}
raise HTTPException(404, "No active stream for this session") raise HTTPException(404, "No active stream for this session")
return _active_streams[session_id] return rec
# ------------------------------------------------------------------ # # ------------------------------------------------------------------ #
# POST /api/inject_context # POST /api/inject_context