diff options
author | Thilo Schulz <arny@ats.s.bawue.de> | 2012-07-01 14:18:31 +0000 |
---|---|---|
committer | Tim Angus <tim@ngus.net> | 2013-01-12 20:46:28 +0000 |
commit | ba818d148b17cf9c054f06570c00cee8e92fee6d (patch) | |
tree | 9201751c814dc433d7c9ced151e728798034d52a | |
parent | 3f86ab4a2a4bc6ee948e9efc357e8eef772b8012 (diff) |
prevent using getinfo as an amplifier for DDOS attacks (#5678). Patch by DevHC
-rw-r--r-- | src/server/sv_main.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/server/sv_main.c b/src/server/sv_main.c index 0d15f2c2..bee0ec19 100644 --- a/src/server/sv_main.c +++ b/src/server/sv_main.c @@ -394,6 +394,7 @@ struct leakyBucket_s { static leakyBucket_t buckets[ MAX_BUCKETS ]; static leakyBucket_t *bucketHashes[ MAX_HASHES ]; +static leakyBucket_t outboundLeakyBucket; /* ================ @@ -566,7 +567,6 @@ static void SVC_Status( netadr_t from ) { int statusLength; int playerLength; char infostring[MAX_INFO_STRING]; - static leakyBucket_t bucket; // Prevent using getstatus as an amplifier if ( SVC_RateLimitAddress( from, 10, 1000 ) ) { @@ -577,7 +577,7 @@ static void SVC_Status( netadr_t from ) { // Allow getstatus to be DoSed relatively easily, but prevent // excess outbound bandwidth usage when being flooded inbound - if ( SVC_RateLimit( &bucket, 10, 100 ) ) { + if ( SVC_RateLimit( &outboundLeakyBucket, 10, 100 ) ) { Com_DPrintf( "SVC_Status: rate limit exceeded, dropping request\n" ); return; } @@ -622,6 +622,20 @@ void SVC_Info( netadr_t from ) { char *gamedir; char infostring[MAX_INFO_STRING]; + // Prevent using getinfo as an amplifier + if ( SVC_RateLimitAddress( from, 10, 1000 ) ) { + Com_DPrintf( "SVC_Info: rate limit from %s exceeded, dropping request\n", + NET_AdrToString( from ) ); + return; + } + + // Allow getinfo to be DoSed relatively easily, but prevent + // excess outbound bandwidth usage when being flooded inbound + if ( SVC_RateLimit( &outboundLeakyBucket, 10, 100 ) ) { + Com_DPrintf( "SVC_Info: rate limit exceeded, dropping request\n" ); + return; + } + /* * Check whether Cmd_Argv(1) has a sane length. This was not done in the original Quake3 version which led * to the Infostring bug discovered by Luigi Auriemma. See http://aluigi.altervista.org/ for the advisory. |