fix(server): eliminate TOCTOU races in MCP server and plugin registry

echobt · echobt · commit 829f773d0e88 · 2026-02-04T15:16:04.000Z
- server.rs: Hold write lock during entire state check and modification
  in handle_initialize to prevent concurrent initialization races
- registry.rs: Use HashMap entry API to atomically check-and-insert
  plugin registration to prevent duplicate registration races

Fixes #5262, #5260
diff --git a/src/cortex-mcp-server/src/server.rs b/src/cortex-mcp-server/src/server.rs
@@ -222,14 +222,17 @@ impl McpServer {
     }
 
     async fn handle_initialize(&self, params: Option<Value>) -> Result<Value, JsonRpcError> {
-        // Check state
-        let current_state = *self.state.read().await;
-        if current_state != ServerState::Uninitialized {
-            return Err(JsonRpcError::invalid_request("Server already initialized"));
+        // Atomic check-and-transition: hold write lock during entire state check and modification
+        // to prevent TOCTOU race conditions where multiple concurrent initialize requests
+        // could both pass the uninitialized check before either sets the state
+        {
+            let mut state_guard = self.state.write().await;
+            if *state_guard != ServerState::Uninitialized {
+                return Err(JsonRpcError::invalid_request("Server already initialized"));
+            }
+            *state_guard = ServerState::Initializing;
         }
 
-        *self.state.write().await = ServerState::Initializing;
-
         // Parse params
         let init_params: InitializeParams = params
             .map(serde_json::from_value)
diff --git a/src/cortex-plugins/src/registry.rs b/src/cortex-plugins/src/registry.rs
@@ -674,18 +674,21 @@ impl PluginRegistry {
         let info = plugin.info().clone();
         let id = info.id.clone();
 
-        {
-            let plugins = self.plugins.read().await;
-            if plugins.contains_key(&id) {
-                return Err(PluginError::AlreadyExists(id));
-            }
-        }
-
+        // Use entry API to atomically check-and-insert within a single write lock
+        // to prevent TOCTOU race conditions where multiple concurrent registrations
+        // could both pass the contains_key check before either inserts
         let handle = PluginHandle::new(plugin);
-
         {
             let mut plugins = self.plugins.write().await;
-            plugins.insert(id.clone(), handle);
+            use std::collections::hash_map::Entry;
+            match plugins.entry(id.clone()) {
+                Entry::Occupied(_) => {
+                    return Err(PluginError::AlreadyExists(id));
+                }
+                Entry::Vacant(entry) => {
+                    entry.insert(handle);
+                }
+            }
         }
 
         {
