From ebb1ae89f3b4a52daaf581e727c0dcbe6b7c103e Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Sun, 20 Sep 2015 03:36:11 +0000
Subject: nntp: fix handling of trickled responses

We cannot use the push_back_read functionality of Danga::Socket
since it will trigger event_read on buffered data.  This would
allow a malicious (or badly implemented) client to burn CPU
without actually sending us anything.

So we still do buffering ourselves and play some tricks with
timers re-enable readability.
---
 public-inbox-nntpd | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'public-inbox-nntpd')

diff --git a/public-inbox-nntpd b/public-inbox-nntpd
index 588efdd3..b66de58e 100644
--- a/public-inbox-nntpd
+++ b/public-inbox-nntpd
@@ -146,7 +146,8 @@ sub worker_quit {
 		my ($dmap, undef) = @_;
 		my $n = 0;
 		foreach my $s (values %$dmap) {
-			if ($s->{write_buf_size} || @{$s->{read_push_back}}) {
+			next unless ref($s) eq 'PublicInbox::NNTP';
+			if ($s->{write_buf_size} || $s->{rbuf}) {
 				++$n;
 			} else {
 				$s->close;
-- 
cgit v1.2.3-24-ge0c7