From fd7072f74ce183c840dd65d8983dfa159374c7c0 Mon Sep 17 00:00:00 2001
From: Tim Angus
Date: Mon, 10 Jun 2013 20:30:48 +0100
Subject: Rate limit getchallenge
---
 src/server/sv_client.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'src/server/sv_client.c')
diff --git a/src/server/sv_client.c b/src/server/sv_client.c
index 6199c01f..a895879f 100644
--- a/src/server/sv_client.c
+++ b/src/server/sv_client.c
@@ -63,6 +63,20 @@ void SV_GetChallenge(netadr_t from)
 char *gameName;
 qboolean gameMismatch;
+ // Prevent using getchallenge as an amplifier
+ if ( SVC_RateLimitAddress( from, 10, 1000 ) ) {
+ Com_DPrintf( "SV_GetChallenge: rate limit from %s exceeded, dropping request\n",
+ NET_AdrToString( from ) );
+ return;
+ }
+
+ // Allow getchallenge to be DoSed relatively easily, but prevent
+ // excess outbound bandwidth usage when being flooded inbound
+ if ( SVC_RateLimit( &outboundLeakyBucket, 10, 100 ) ) {
+ Com_DPrintf( "SV_GetChallenge: rate limit exceeded, dropping request\n" );
+ return;
+ }
+
+ gameName = Cmd_Argv(2);
 gameMismatch = !*gameName || strcmp(gameName, com_gamename->string) != 0;
--
cgit
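Review bot: The limiter arguments are bare literals, `10, 1000` on the `SVC_RateLimitAddress` call and `10, 100` on the `SVC_RateLimit` call, and nothing in the hunk says what they mean, so a reader cannot tell how many challenge replies per source address or in total the server will still send. I would name them or extend the comments, for example `// burst of 10 replies per source address, refilled over a period of 1000 (units as defined by SVC_RateLimitAddress)`, after confirming the parameter meaning against the limiter's definition, which is not shown here. Both drop paths report only through `Com_DPrintf`, presumably a developer-only print, so an operator may get no signal while the server is being flooded; a drop counter or a rate-limited regular log line would make the condition detectable. `SV_GetChallenge` starts before and continues after this hunk.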