From 1bdd14b42875b428d16686cb9b87f8ac0534cb2c Mon Sep 17 00:00:00 2001 From: Jean Flach Date: Mon, 5 Mar 2018 13:22:43 +0100 Subject: [PATCH] Limit anonymous connections to 25 --- lib/base/netstring.cpp | 2 +- lib/remote/apilistener.cpp | 14 +++++++++++--- lib/remote/apilistener.hpp | 2 +- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/lib/base/netstring.cpp b/lib/base/netstring.cpp index e970f3b61..7d11d8928 100644 --- a/lib/base/netstring.cpp +++ b/lib/base/netstring.cpp @@ -87,7 +87,7 @@ StreamReadStatus NetString::ReadStringFromStream(const Stream::Ptr& stream, Stri if (maxMessageLength >= 0 && data_length > maxMessageLength) { std::stringstream errorMessage; - errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024 / 1024) << " MB"; + errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024) << " KB"; BOOST_THROW_EXCEPTION(std::invalid_argument(errorMessage.str())); } diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp index bc0df4449..c53cd103c 100644 --- a/lib/remote/apilistener.cpp +++ b/lib/remote/apilistener.cpp @@ -547,8 +547,12 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri endpoint->AddClient(aclient); m_SyncQueue.Enqueue(std::bind(&ApiListener::SyncClient, this, aclient, endpoint, needSync)); - } else - AddAnonymousClient(aclient); + } else { + if (!AddAnonymousClient(aclient)) { + Log(LogNotice, "ApiListener", "Ignoring anonymous JSON-RPC connection. Max connections exceeded."); + aclient->Disconnect(); + } + } } else { Log(LogNotice, "ApiListener", "New HTTP client"); @@ -1360,10 +1364,14 @@ double ApiListener::CalculateZoneLag(const Endpoint::Ptr& endpoint) return 0; } -void ApiListener::AddAnonymousClient(const JsonRpcConnection::Ptr& aclient) +bool ApiListener::AddAnonymousClient(const JsonRpcConnection::Ptr& aclient) { boost::mutex::scoped_lock lock(m_AnonymousClientsLock); + if (m_AnonymousClients.size() > 25) + return false; + m_AnonymousClients.insert(aclient); + return true; } void ApiListener::RemoveAnonymousClient(const JsonRpcConnection::Ptr& aclient) diff --git a/lib/remote/apilistener.hpp b/lib/remote/apilistener.hpp index eb195f5b5..b3894992a 100644 --- a/lib/remote/apilistener.hpp +++ b/lib/remote/apilistener.hpp @@ -79,7 +79,7 @@ public: static void StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata); std::pair GetStatus(); - void AddAnonymousClient(const JsonRpcConnection::Ptr& aclient); + bool AddAnonymousClient(const JsonRpcConnection::Ptr& aclient); void RemoveAnonymousClient(const JsonRpcConnection::Ptr& aclient); std::set GetAnonymousClients() const; -- 2.40.0