From 74c1476f6d541af5b5738916265933b4160cc482 Mon Sep 17 00:00:00 2001
From: Kovid Goyal
Date: Fri, 10 Sep 2021 21:20:05 +0530
Subject: [PATCH] Disallow more than 10 active receives to prevent DoS attacks
---
 kitty/file_transmission.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/kitty/file_transmission.py b/kitty/file_transmission.py
index a10f9f9ed..357fbd296 100644
--- a/kitty/file_transmission.py
+++ b/kitty/file_transmission.py
@@ -23,6 +23,7 @@ from kitty.fast_data_types import (
 from .utils import log_error, sanitize_control_codes
 EXPIRE_TIME = 10 # minutes
+MAX_ACTIVE_RECEIVES = 10
 class NameReprEnum(Enum):
@@ -427,7 +428,7 @@ class FileTransmission:
 self.drop_receive(cmd.id)
 return
 if not ar.accepted:
- log_error(f'File transmission command received for rejected id: {cmd.id}, aborting')
+ log_error(f'File transmission command received for pending id: {cmd.id}, aborting')
 self.drop_receive(cmd.id)
 return
 ar.last_activity_at = monotonic()
@@ -435,6 +436,9 @@ class FileTransmission:
 if cmd.action is not Action.send:
 log_error(f'File transmission command received for unknown or rejected id: {cmd.id}, ignoring')
 return
+ if len(self.active_receives) >= MAX_ACTIVE_RECEIVES:
+ log_error('New File transmission send with too many active receives, ignoring')
+ return
 ar = self.active_receives[cmd.id] = ActiveReceive(cmd.id, cmd.quiet, cmd.password)
 self.start_receive(ar.id)
 return
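Review bot: `cmd.id` is written into the reworded log line unescaped. Whether the id is cleaned when the command is parsed is not visible here; if it is not, log it as `{sanitize_control_codes(cmd.id)}`, using the helper this file already imports, so that an id supplied by the sending program cannot put control sequences into the log output. The unchanged "unknown or rejected id" message in the next hunk interpolates `cmd.id` the same way. The enclosing method starts and ends outside the hunk.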
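Review bot: The new `len(self.active_receives) >= MAX_ACTIVE_RECEIVES` check counts every entry, including requests that were never accepted, so ten pending requests from one program are enough to make the terminal ignore every later send until those entries are dropped. Whether stale entries are expired before this branch is not visible here (the method starts outside the hunk); if they are not, entries idle for longer than `EXPIRE_TIME` should be dropped before the comparison, or pending and accepted receives should be capped separately. The refusal is only logged, so the requesting program is not told that its transfer was ignored; if the protocol has a status reply, it is worth sending one here. The constant would also benefit from a comment such as `# cap on concurrent receives (pending + accepted), bounds state a sender can create`.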