From e99d725e76e7940fd9c0850b6c15d8bc9dd7115c Mon Sep 17 00:00:00 2001 From: Andy Green Date: Tue, 15 Aug 2017 08:06:32 +0800 Subject: [PATCH] ah: reuse at end of transaction has no timeout If we complete a transaction but end up keeping the ah, we must force a timeout on it. Otherwise a bad bot could keep the socket open and exhaust the ah pool. --- lib/server.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/server.c b/lib/server.c index b1927c32..62b49de4 100644 --- a/lib/server.c +++ b/lib/server.c @@ -1744,8 +1744,17 @@ lws_http_transaction_completed(struct lws *wsi) if (!wsi->more_rx_waiting) { wsi->u.hdr.ah->rxpos = wsi->u.hdr.ah->rxlen; lws_header_table_detach(wsi, 1); - } else + } else { lws_header_table_reset(wsi, 1); + /* + * If we kept the ah, we should restrict the amount + * of time we are willing to keep it. Otherwise it + * will be bound the whole time the connection remains + * open. + */ + lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE, + wsi->vhost->keepalive_timeout); + } } /* If we're (re)starting on headers, need other implied init */