In receive_loop() (session.rs:434-450), errors are silently logged but the stream is just closed:
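```rust
match read_framed(&mut reader).await {
    Ok(frame) => {
        // Per-message failure: nothing is done with `e`, and the loop keeps the session open.
        if let Err(e) = handle_incoming_message(&app, &frame).await {
        }
    }
    Err(e) => {
        // Read failure: session state is cleared and "session_closed" is emitted without a reason.
        *state.session.lock().await = None;
        let _ = app.emit("session_closed", ());
    }
}
```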
Problems:
- Individual message errors don't close session: If one message fails to decrypt/process, the loop continues but the peer may have sent a critical message
- No user notification: User doesn't know there was an error. Messages may appear to not be received.
- Decryption errors silently ignored: Could indicate:
  - Ratchet desynchronization (key mismatch)
  - Peer sent malformed data
  - Network corruption
  - Active attack (?)
Examples:
- Peer sends message with counter=2, but we expected counter=1
- Ratchet.decrypt() fails but we ignore it and keep the stream open
- Later messages (counter=3,4,...) also fail, but user has no idea
Proposed solution:
- Treat decryption errors as fatal (close session, show user "decryption failed")
- Log failures with more context (counter, error type)
- Show user a warning: "Lost sync with peer, please reconnect"
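A sketch of the proposed policy, added here as an example and not taken from session.rs: a synchronous model in which the first decryption failure is logged with its counter and error type, the user is warned, and the session ends. `Frame`, `ToyRatchet`, `DecryptError`, `SessionEnd` and the `events` vector (standing in for `app.emit`) are hypothetical names, and the ratchet stand-in only models the counter check.

```rust
// Added example: models the proposed receive-loop policy without async or real crypto.
// All type names here are hypothetical, not the project's own.
#[derive(Debug, PartialEq)]
enum DecryptError { CounterMismatch { expected: u64, got: u64 }, Malformed }
#[derive(Debug, PartialEq)]
enum SessionEnd { StreamClosed, DecryptionFailed { delivered: usize, error: DecryptError } }
struct Frame { counter: u64, body: Vec<u8> }
struct ToyRatchet { next: u64 }
impl ToyRatchet {
    // Stand-in for Ratchet.decrypt(): rejects empty bodies and unexpected counters.
    fn decrypt(&mut self, f: &Frame) -> Result<Vec<u8>, DecryptError> {
        if f.body.is_empty() { return Err(DecryptError::Malformed); }
        if f.counter != self.next {
            return Err(DecryptError::CounterMismatch { expected: self.next, got: f.counter });
        }
        self.next += 1;
        Ok(f.body.clone())
    }
}

fn receive_loop(frames: &[Frame], events: &mut Vec<String>) -> SessionEnd {
    let mut ratchet = ToyRatchet { next: 1 };
    let mut delivered = 0;
    for f in frames {
        match ratchet.decrypt(f) {
            Ok(_plaintext) => delivered += 1,
            Err(error) => {
                // Fatal: log with context, warn the user, then close the session.
                eprintln!("decrypt failed: counter={} error={:?}", f.counter, error);
                events.push("Lost sync with peer, please reconnect".to_string());
                events.push("session_closed".to_string());
                return SessionEnd::DecryptionFailed { delivered, error };
            }
        }
    }
    events.push("session_closed".to_string());
    SessionEnd::StreamClosed
}

fn main() {
    // Constructed input: the peer's first frame carries counter=2 while counter=1 is expected.
    let frames = vec![
        Frame { counter: 2, body: b"a".to_vec() },
        Frame { counter: 3, body: b"b".to_vec() },
    ];
    let mut events = Vec::new();
    let end = receive_loop(&frames, &mut events);
    println!("{:?} {:?}", end, events);
}
```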