From cc4bc6526fa4e46a132bfdf5de06765df50285ee Mon Sep 17 00:00:00 2001
From: UkoeHB <37489173+UkoeHB@users.noreply.github.com>
Date: Wed, 4 Sep 2024 18:09:11 -0500
Subject: [PATCH] fix potential DDOS by honest clients when servers are at capacity (#108)
---
 CHANGELOG.md | 1 +
 src/client.rs | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 532dcba..ee96c3c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ## v0.6.3
 - Allow users to use tokio v2.4.0 in their projects. See [#106](https://github.com/gbaranski/ezsockets/pull/106).
+- Fix DDOS by honest clients when servers check capacity *after* clients connect.
 ## v0.6.2
diff --git a/src/client.rs b/src/client.rs
index cdec61d..86c59dd 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -567,6 +567,9 @@ impl ClientActor {
 match self.client.on_close(frame).await? {
 ClientCloseMode::Reconnect => {
 std::mem::drop(socket);
+ // Sleep so honest clients won't DDOS the server if it is at capacity and if
+ // capacity is checked *after* clients connect.
+ sleep(self.config.reconnect_interval).await;
 let Some(socket) = client_connect(
 self.config.max_reconnect_attempts,
 &self.config,
@@ -594,6 +597,7 @@ impl ClientActor {
 match self.client.on_disconnect().await? {
 ClientCloseMode::Reconnect => {
 std::mem::drop(socket);
+ // Note: We don't sleep here unlike above because a disconnect is assumed to be a network error.
 let Some(socket) = client_connect(
 self.config.max_reconnect_attempts,
 &self.config,
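Review bot: The delay added before `client_connect` in the `on_close` reconnect arm is a fixed `self.config.reconnect_interval` with no jitter, so clients that the server closes at the same moment will all retry at the same moment one interval later. That spaces the reconnect waves out but does not spread them, which is the load pattern this fix targets when the server is at capacity. Consider randomising the wait, or at least state the limit in the comment, e.g. `// Fixed delay, no jitter: clients closed together still retry together.` The sleep is awaited inline, so as far as this hunk shows the actor processes nothing else during the interval; the enclosing function starts and ends outside the hunk.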
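Review bot: The comment added in the `on_disconnect` reconnect arm relies on an assumption the peer does not have to honour. A server or intermediary that sheds load by dropping the connection without sending a close frame would presumably reach this arm, and the client then calls `client_connect` with no delay. Whether `client_connect` waits before its first attempt is not visible in this hunk. If it does not, apply the same `sleep(self.config.reconnect_interval).await;` here, or make the comment state the exposure, e.g. `// No sleep: assumed network error. An abrupt server-side drop also lands here and retries at once.`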