Software /
code /
prosody-modules
Changeset
3634:915e32d5a147
mod_smacks: fix bug for missbehaving clients sending multiple acks in a row
Missbehaving clients, sending multiple acks in a row (I'm looking at you Monal!)
triggered the ack-loop-prevention code added in 2017, leaving unacked stanzas
in the queue. This fixes the bug while still preventing ack-loops.
author | tmolitor <thilo@eightysoft.de> |
---|---|
date | Tue, 30 Jul 2019 02:07:13 +0200 (2019-07-30) |
parents | 3633:6b0db0f2d57a |
children | 3635:fd054689a64c |
files | mod_smacks/mod_smacks.lua |
diffstat | 1 files changed, 6 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_smacks/mod_smacks.lua Tue Jul 30 01:46:57 2019 +0200 +++ b/mod_smacks/mod_smacks.lua Tue Jul 30 02:07:13 2019 +0200 @@ -160,6 +160,10 @@ local function request_ack_if_needed(session, force, reason) local queue = session.outgoing_stanza_queue; if session.awaiting_ack == nil and not session.hibernating then + -- this check of last_queue_count prevents ack-loops if missbehaving clients report wrong + -- stanza counts. it is set when an <r> is really sent (e.g. inside timer), preventing any + -- further requests until the queue count changes (either by incoming acks or by adding + -- more stanzas) if (#queue > max_unacked_stanzas and session.last_queue_count ~= #queue) or force then session.log("debug", "Queuing <r> (in a moment) from %s - #queue=%d", reason, #queue); session.awaiting_ack = false; @@ -167,8 +171,9 @@ if not session.awaiting_ack and not session.hibernating then session.log("debug", "Sending <r> (inside timer, before send)"); (session.sends2s or session.send)(st.stanza("r", { xmlns = session.smacks })) + session.awaiting_ack = true; + session.last_queue_count = #queue; session.log("debug", "Sending <r> (inside timer, after send)"); - session.awaiting_ack = true; if not session.delayed_ack_timer then session.delayed_ack_timer = stoppable_timer(delayed_ack_timeout, function() delayed_ack_function(session); @@ -187,8 +192,6 @@ session.log("debug", "Calling delayed_ack_function directly (still waiting for ack)"); delayed_ack_function(session); end - - session.last_queue_count = #queue; end local function outgoing_stanza_filter(stanza, session) @@ -587,7 +590,6 @@ return false; -- Kick the session end session.log("debug", "Sending <r> (read timeout)"); - session.awaiting_ack = false; (session.sends2s or session.send)(st.stanza("r", { xmlns = session.smacks })); session.awaiting_ack = true; if not session.delayed_ack_timer then