AsyncEvents/ServerSideEvents: prevent internal DOS by prevent overflo…
…wing messageQueue (#621)

* Prevent tcp/wifi DoS lockup by limiting the number of messages in the queue; further messages are dropped

* Define (renamed) MAX_SSE_Clients
iafilius authored and me-no-dev committed Oct 17, 2019
1 parent a84f169 commit f13685e
Showing 2 changed files with 25 additions and 4 deletions.
12 changes: 8 additions & 4 deletions src/AsyncEventSource.cpp
Expand Up @@ -184,10 +184,14 @@ void AsyncEventSourceClient::_queueMessage(AsyncEventSourceMessage *dataMessage)
delete dataMessage;
return;
}

_messageQueue.add(dataMessage);

_runQueue();
if(_messageQueue.length() >= SSE_MAX_QUEUED_MESSAGES){
ets_printf("ERROR: Too many messages queued\n");
delete dataMessage;
} else {
_messageQueue.add(dataMessage);
}
if(_client->canSend())
_runQueue();
}

void AsyncEventSourceClient::_onAck(size_t len, uint32_t time){
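Review bot: The overflow branch calls `ets_printf("ERROR: Too many messages queued\n")` for every rejected message, so while a client stays stalled the device prints one line per dropped event, at the moment it is already under load. Logging only on the transition into the full state, or counting drops and reporting the count once the queue drains, would keep the diagnostic without that per-message cost. The drop is also invisible to callers because `_queueMessage` returns void; a comment such as `// queue full: the newest message is dropped, this client misses the event` would document the policy, and a client whose queue stays full may be better closed than kept. The start of `_queueMessage` lies outside the hunk, so the guard that ends at the first `}` is only partly visible.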
17 changes: 17 additions & 0 deletions src/AsyncEventSource.h
Expand Up @@ -23,11 +23,28 @@
#include <Arduino.h>
#ifdef ESP32
#include <AsyncTCP.h>
#define SSE_MAX_QUEUED_MESSAGES 32
#else
#include <ESPAsyncTCP.h>
#define SSE_MAX_QUEUED_MESSAGES 8
#endif
#include <ESPAsyncWebServer.h>

#include "AsyncWebSynchronization.h"

#ifdef ESP8266
#include <Hash.h>
#ifdef CRYPTO_HASH_h // include Hash.h from espressif framework if the first include was from the crypto library
#include <../src/Hash.h>
#endif
#endif

#ifdef ESP32
#define DEFAULT_MAX_SSE_CLIENTS 8
#else
#define DEFAULT_MAX_SSE_CLIENTS 4
#endif

class AsyncEventSource;
class AsyncEventSourceResponse;
class AsyncEventSourceClient;
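Review bot: `SSE_MAX_QUEUED_MESSAGES` is defined unconditionally in both branches, so a project cannot tune the cap from its build flags without a redefinition; wrapping each define as `#ifndef SSE_MAX_QUEUED_MESSAGES` / `#define SSE_MAX_QUEUED_MESSAGES 32` / `#endif` keeps the defaults and allows an override. The cap counts messages, not bytes, so the heap a slow client can pin is still the limit times the largest event payload, multiplied by the number of connected clients. If `DEFAULT_MAX_SSE_CLIENTS` is enforced elsewhere (not visible in this section), a comment next to the defines stating the intended worst-case memory use would help whoever changes either value. The same `#ifndef` treatment applies to `DEFAULT_MAX_SSE_CLIENTS`.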
