
[Crash] Unchecked ss.config.services.ratelimit.* config chains cause multiple crashes #61

@coderabbitai

Description


Summary

The services server crashes in several places when the nested ss.config.services.ratelimit config is incomplete: every access walks the full property chain without a guard, so a missing intermediate object throws a TypeError.

Affected Code

Multiple locations in server-services/:

  1. start-services.js:189

     ss.config.services.ratelimit.sensitive.cmds.includes(msg.cmd)
     // CRASH (TypeError) if ss.config.services.ratelimit.sensitive or .sensitive.cmds is undefined

  2-9. src/ratelimit.js lines 37, 41, 52, 56, 70, 71, 84, 85

     ss.config.services.ratelimit.sensitive.reset_interval
     ss.config.services.ratelimit.sensitive.max_count
     ss.config.services.ratelimit.regular.reset_interval
     ss.config.services.ratelimit.regular.max_count
     // All crash (TypeError) if any intermediate property (services, ratelimit, sensitive, regular) is undefined

Vulnerability

The crash is reachable whenever the config file is incomplete (one or more nested properties missing), is corrupted, or was generated by a tool that does not emit the full ratelimit section. Reading a property of undefined in JavaScript throws a TypeError, and none of the accesses above catch it.

Impact

  • Services server crash on startup or first message
  • Complete denial of service

Proof of Concept

Start the server with an incomplete config that is missing services.ratelimit.sensitive (any other intermediate key in the chain works the same way). The first code path that reads the chain throws a TypeError; depending on which line is reached first, that is at startup (ratelimit.js) or on the first message handled by start-services.js:189.

Recommended Fix

Use optional chaining throughout, with a default for each numeric setting:

// start-services.js:189
ss.config?.services?.ratelimit?.sensitive?.cmds?.includes(msg.cmd)

// ratelimit.js
ss.config?.services?.ratelimit?.sensitive?.reset_interval || 5 * 60
ss.config?.services?.ratelimit?.sensitive?.max_count || 5
ss.config?.services?.ratelimit?.regular?.reset_interval || 60
ss.config?.services?.ratelimit?.regular?.max_count || 10

Two caveats for whoever implements this. First, `||` also replaces an explicitly configured `0` (and `NaN` or `''`) with the default; `??` only replaces `null`/`undefined`, so prefer it if a zero value must survive. Second, the guarded `includes(...)` chain evaluates to `undefined` when the `cmds` list is missing, which makes every command look non-sensitive. That removes the crash but silently disables the sensitive tier, so the safer fix is to validate the whole ratelimit section once at startup and either apply explicit defaults or refuse to start, rather than scattering `?.` over every read.
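The following is an added example, not code from this repository: it reproduces the crash with a constructed config that lacks `services.ratelimit.sensitive`, then shows a resolver that reads the whole ratelimit section once, applies the defaults from the recommended fix with `??`, and rejects wrong types instead of crashing on them later. The function names (`naiveIsSensitive`, `resolveRatelimitConfig`, `isSensitiveCmd`) and the `INCOMPLETE_CONFIG` fixture are assumptions made for the example; the real `ss.config` object shape is taken from the property chains quoted in the issue.

```javascript
// Added example (not the project's own code). Reproduces the crash described
// in the issue and shows a startup-time resolver for the ratelimit section.

// Constructed fixture: the PoC's incomplete config, services.ratelimit.sensitive missing.
const INCOMPLETE_CONFIG = {
  services: {
    ratelimit: {
      regular: { reset_interval: 60, max_count: 10 },
    },
  },
};

// Defaults taken from the issue's recommended fix (seconds / counts).
// An empty cmds list is the assumed default when none is configured.
const DEFAULTS = {
  sensitive: { reset_interval: 5 * 60, max_count: 5, cmds: [] },
  regular: { reset_interval: 60, max_count: 10 },
};

// The original, unguarded access pattern (start-services.js:189 style).
// Throws TypeError when an intermediate object is undefined.
function naiveIsSensitive(config, cmd) {
  return config.services.ratelimit.sensitive.cmds.includes(cmd);
}

// Hardened: resolve the section once at startup. Missing values get explicit
// defaults via ?? (so a configured 0 is kept, unlike ||); present-but-wrong
// values throw immediately with a message naming the offending key.
function resolveRatelimitConfig(config) {
  const rl = config?.services?.ratelimit ?? {};
  const out = {};
  for (const tier of ['sensitive', 'regular']) {
    const src = rl[tier] ?? {};
    const reset_interval = src.reset_interval ?? DEFAULTS[tier].reset_interval;
    const max_count = src.max_count ?? DEFAULTS[tier].max_count;
    if (!Number.isInteger(reset_interval) || reset_interval <= 0) {
      throw new TypeError(`ratelimit.${tier}.reset_interval must be a positive integer`);
    }
    if (!Number.isInteger(max_count) || max_count <= 0) {
      throw new TypeError(`ratelimit.${tier}.max_count must be a positive integer`);
    }
    out[tier] = { reset_interval, max_count };
  }
  const cmds = rl.sensitive?.cmds ?? DEFAULTS.sensitive.cmds;
  if (!Array.isArray(cmds) || !cmds.every((c) => typeof c === 'string')) {
    throw new TypeError('ratelimit.sensitive.cmds must be an array of strings');
  }
  out.sensitive.cmds = new Set(cmds);
  return out;
}

// Message-time check against the already-validated config: no chain to crash on.
function isSensitiveCmd(resolved, cmd) {
  return resolved.sensitive.cmds.has(cmd);
}

// Helper for demonstrating the failure mode: true if fn throws a TypeError.
function throwsTypeError(fn) {
  try {
    fn();
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Demonstration when run directly.
console.log('naive access crashes:', throwsTypeError(() => naiveIsSensitive(INCOMPLETE_CONFIG, 'login')));
console.log('resolved with defaults:', resolveRatelimitConfig(INCOMPLETE_CONFIG));
```

The resolver fails closed on malformed values but still falls back to an empty `cmds` list when the whole `sensitive` block is absent, which means no command gets the sensitive tier; whether an absent block should instead abort startup is a policy decision the issue leaves open, and the place to enforce it is the single `throw` in the resolver rather than eight separate reads.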

