From d3d41e963486edaaa2a5416e1ff4cbbfde5b2be5 Mon Sep 17 00:00:00 2001
From: Captain Mirage <87281406+CaptainMirage@users.noreply.github.com>
Date: Sat, 16 May 2026 02:06:57 +0330
Subject: [PATCH 1/2] fix(domain_fronter): prevent panic when brace positions
 are inverted in fallback JSON extraction

In three error-path fallback sites (finalize_tunnel_response,
finalize_batch_response, parse_relay_json), the code uses text.find('{')
and text.rfind('}') to extract a JSON object from a messy response. When
the response body is binary garbage, those byte values can appear in any
order, causing start > end. The subsequent &text[start..=end] slice then
panics with 'begin > end' and a SIGILL core dump.

Add a bounds check at all three sites: if start > end, return a structured
BadResponse error instead of slicing. Reproducible whenever Apps Script
returns a non-JSON binary response body.
---
 src/domain_fronter.rs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/domain_fronter.rs b/src/domain_fronter.rs
index a41fe3e4..461611f1 100644
--- a/src/domain_fronter.rs
+++ b/src/domain_fronter.rs
@@ -3037,6 +3037,12 @@ impl DomainFronter {
             let end = text.rfind('}').ok_or_else(|| {
                 FronterError::BadResponse("no json end in tunnel response".into())
             })?;
+            if start > end {
+                return Err(FronterError::BadResponse(format!(
+                    "no valid json object in: {}",
+                    &text.chars().take(200).collect::<String>()
+                )));
+            }
             &text[start..=end]
         };
         Ok(serde_json::from_str(json_str)?)
@@ -3205,6 +3211,12 @@ impl DomainFronter {
             let end = text.rfind('}').ok_or_else(|| {
                 FronterError::BadResponse("no json end in batch response".into())
             })?;
+            if start > end {
+                return Err(FronterError::BadResponse(format!(
+                    "no valid json object in: {}",
+                    &text.chars().take(200).collect::<String>()
+                )));
+            }
             &text[start..=end]
         };
         // Don't log payload content. Batch responses carry base64-encoded
@@ -4574,6 +4586,12 @@ fn parse_relay_json(body: &[u8]) -> Result<Vec<u8>, FronterError> {
                         &text[..text.len().min(200)]
                     ))
                 })?;
+                if start > end {
+                    return Err(FronterError::BadResponse(format!(
+                        "no valid json object in: {}",
+                        &text.chars().take(200).collect::<String>()
+                    )));
+                }
                 serde_json::from_str(&text[start..=end])?
             }
         }

From a3af410b3b89bc922cd8132e509c6fe664ea2e37 Mon Sep 17 00:00:00 2001
From: Captain Mirage <87281406+CaptainMirage@users.noreply.github.com>
Date: Sat, 16 May 2026 11:06:41 +0330
Subject: [PATCH 2/2] Merge branch 'main' of
 https://github.com/therealaleph/MasterHttpRelayVPN-RUST into
 fix/parse-relay-json-inverted-brace