Upload / proxy hardening — audit follow-up 2/2
Second and final batch from the worker/slot/proxy audit. No byte-level behavior change; Java 8 compatibility preserved.
- ChunkUploader: replaced the
QueueInputStream+QueueOutputStream+CipherInputStreampipeline with a directCipher.update(plain, 0, len, enc, 0)call. The old path routed every plaintext byte through aBlockingQueue<Integer>(boxing!) and pulled every ciphertext byte out via single-bytecis.read()— roughly 2 * chunk_size function calls per chunk on the upload hot path. AES-CTR/NoPadding has no internal buffering, so the transformation is bit-for-bit identical and much faster. - ChunkUploader: success branch now strictly requires
tot_bytes_up == chunk_size; the previous|| reads == -1gate would treat premature EOF as success (the HTTP layer caught it in practice, but the intent is now unambiguous). - SmartMegaProxyManager auto-refresh thread: honour
MainPanel.isExit()in both loops so the daemon terminates cleanly on shutdown instead of spinning until JVM tears it down.InterruptedExceptionnow restores the interrupt flag and returns. - MegaProxyServer.readLine: cache the input stream and cap the line at 8 KiB so a misbehaving (loopback-bound, but still) peer can't feed non-newline bytes until the
ByteArrayOutputStreamOOMs. - MegaProxyServer Handler: catch
IllegalArgumentExceptionaround the Base64 decode of theProxy-Authorizationheader so a malformed value falls through to the 403 path instead of escaping the Runnable as an unchecked exception. - DownloadManager.forceResetAllChunks: dropped a misleading
synchronized— the actual work runs onTHREAD_POOL, so the keyword only serialized the submission of the Runnable, not the work itself.