Skip to content

BBSFirewall v1.1.1

Latest

Choose a tag to compare

@laudenbachm laudenbachm released this 28 May 04:34

BBSFirewall v1.1.1

Bug Fix

Fixed PROXY Protocol header ordering for fast-connecting clients

Clients such as fTelnet and MuffTerm send telnet negotiation bytes immediately on TCP connect. These bytes could reach the backend BBS before the PROXY Protocol header, causing the raw header text to appear on the user's terminal instead of being silently consumed by the backend module.

Root cause: The client data handler was registered before the backend connection was established, allowing buffered client writes to race with the PROXY header write in the connect callback.

Fix: The client socket (telnet) and SSH stream are now paused before the backend connection is initiated, and resumed only after the PROXY Protocol header has been written. This guarantees the header is always the first data in the backend stream regardless of how quickly the client sends.

Files changed: proxy.js, ssh.js