Disallow more than 10 active receives to prevent DoS attacks

2026-06-08 14:18:26 +02:00 · 2021-09-10 21:20:05 +05:30
parent 24255be0bd
commit 74c1476f6d
1 changed files with 5 additions and 1 deletions
--- a/kitty/file_transmission.py
+++ b/kitty/file_transmission.py
@@ -23,6 +23,7 @@ from kitty.fast_data_types import (
 from .utils import log_error, sanitize_control_codes

 EXPIRE_TIME = 10  # minutes
+MAX_ACTIVE_RECEIVES = 10


 class NameReprEnum(Enum):
@@ -427,7 +428,7 @@ class FileTransmission:
                self.drop_receive(cmd.id)
                return
            if not ar.accepted:
-                log_error(f'File transmission command received for rejected id: {cmd.id}, aborting')
+                log_error(f'File transmission command received for pending id: {cmd.id}, aborting')
                self.drop_receive(cmd.id)
                return
            ar.last_activity_at = monotonic()
@@ -435,6 +436,9 @@ class FileTransmission:
            if cmd.action is not Action.send:
                log_error(f'File transmission command received for unknown or rejected id: {cmd.id}, ignoring')
                return
+            if len(self.active_receives) >= MAX_ACTIVE_RECEIVES:
+                log_error('New File transmission send with too many active receives, ignoring')
+                return
            ar = self.active_receives[cmd.id] = ActiveReceive(cmd.id, cmd.quiet, cmd.password)
            self.start_receive(ar.id)
            return