Skip to content

Commit

Permalink
Merge pull request #291 from nhooyr/dos-56b8
Browse files Browse the repository at this point in the history
Fix DOS attack from malicious pongs
  • Loading branch information
nhooyr authored Apr 7, 2021
2 parents e4c3b0f + b0d7a27 commit 3604edc
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 4 deletions.
4 changes: 2 additions & 2 deletions ci/container/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,5 @@ RUN go get golang.org/x/tools/cmd/stringer
RUN go get golang.org/x/lint/golint
RUN go get github.com/agnivade/wasmbrowsertest

RUN npm install -g prettier
RUN npm install -g netlify-cli
RUN npm --unsafe-perm=true install -g prettier
RUN npm --unsafe-perm=true install -g netlify-cli
2 changes: 1 addition & 1 deletion conn_notjs.go
Original file line number Diff line number Diff line change
Expand Up @@ -189,7 +189,7 @@ func (c *Conn) Ping(ctx context.Context) error {
}

func (c *Conn) ping(ctx context.Context, p string) error {
pong := make(chan struct{})
pong := make(chan struct{}, 1)

c.activePingsMu.Lock()
c.activePings[p] = pong
Expand Down
5 changes: 4 additions & 1 deletion read.go
Original file line number Diff line number Diff line change
Expand Up @@ -271,7 +271,10 @@ func (c *Conn) handleControl(ctx context.Context, h header) (err error) {
pong, ok := c.activePings[string(b)]
c.activePingsMu.Unlock()
if ok {
close(pong)
select {
case pong <- struct{}{}:
default:
}
}
return nil
}
Expand Down

0 comments on commit 3604edc

Please sign in to comment.