From fa4d24216fc2f7a61600438b15be3f2bd64c22ba Mon Sep 17 00:00:00 2001
From: crs
Date: Sun, 2 Jun 2002 11:49:46 +0000
Subject: [PATCH] now limiting number of simultaneous HTTP requests being handled at once. this is to prevent denial of service.
---
 mt/CCondVar.h | 3 +--
 server/CServer.cpp | 29 ++++++++++++++++++++++++++++-
 server/CServer.h | 5 ++++-
 3 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/mt/CCondVar.h b/mt/CCondVar.h
index b0663db8..59b2d90c 100644
--- a/mt/CCondVar.h
+++ b/mt/CCondVar.h
@@ -9,8 +9,7 @@ class CStopwatch;
 class CCondVarBase {
 public:
 // mutex must be supplied. all condition variables have an
- // associated mutex. the copy c'tor uses the same mutex as the
- // argument and is otherwise like the default c'tor.
+ // associated mutex.
 CCondVarBase(CMutex* mutex);
 ~CCondVarBase();
diff --git a/server/CServer.cpp b/server/CServer.cpp
index 0de5c196..cc53826f 100644
--- a/server/CServer.cpp
+++ b/server/CServer.cpp
@@ -43,11 +43,15 @@ else { wait(0); exit(1); }
 // CServer
 //
+const SInt32 CServer::s_httpMaxSimultaneousRequests = 3;
+
 CServer::CServer() : m_primary(NULL),
 m_active(NULL),
 m_primaryInfo(NULL),
 m_seqNum(0),
- m_httpServer(NULL)
+ m_httpServer(NULL),
+ m_httpAvailable(&m_mutex,
+ s_httpMaxSimultaneousRequests)
 {
 m_socketFactory = NULL;
 m_securityFactory = NULL;
@@ -1128,6 +1132,16 @@ void CServer::acceptHTTPClients(void*)
 // accept connections and begin processing them
 log((CLOG_DEBUG1 "waiting for HTTP connections"));
 for (;;) {
+ // limit the number of HTTP requests being handled at once
+ {
+ CLock lock(&m_httpAvailable);
+ while (m_httpAvailable == 0) {
+ m_httpAvailable.wait();
+ }
+ assert(m_httpAvailable > 0);
+ m_httpAvailable = m_httpAvailable - 1;
+ }
+
 // accept connection
 CThread::testCancel();
 ISocket* socket = listen->accept();
@@ -1141,6 +1155,7 @@ void CServer::acceptHTTPClients(void*)
 }
 catch (XBase& e) {
 log((CLOG_ERR "cannot listen for HTTP clients: %s", e.what()));
+ // FIXME -- quit?
 quit();
 }
 }
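Review bot: In the `@@ -1128,6 +1132,16 @@` hunk, acceptHTTPClients takes a slot from `m_httpAvailable` before `CThread::testCancel()` and `listen->accept()`, but the only releases this patch adds are in processHTTPRequest. If `accept()` fails or the handler thread is never started (that code lies outside the hunk), the count appears to stay decremented, and after three such failures the loop would block in `wait()` permanently; taking the slot only after `accept()` succeeds, or returning it on that error path, avoids this. Nothing visible in the patch bounds how long a handler may hold a slot, so with `s_httpMaxSimultaneousRequests = 3` a few idle connections may be enough to stall the HTTP interface unless the handler enforces a read timeout. A comment on the decrement such as `// slot is returned by processHTTPRequest() on every exit path` would make the contract explicit.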
@@ -1163,9 +1178,21 @@ void CServer::processHTTPRequest(void* vsocket)
 // clean up
 socket->close();
 delete socket;
+
+ // increment available HTTP handlers
+ {
+ CLock lock(&m_httpAvailable);
+ m_httpAvailable = m_httpAvailable + 1;
+ m_httpAvailable.signal();
+ }
 }
 catch (...) {
 delete socket;
+ {
+ CLock lock(&m_httpAvailable);
+ m_httpAvailable = m_httpAvailable + 1;
+ m_httpAvailable.signal();
+ }
 throw;
 }
 }
diff --git a/server/CServer.h b/server/CServer.h
index 9f7b32b3..d05bc867 100644
--- a/server/CServer.h
+++ b/server/CServer.h
@@ -6,6 +6,7 @@
 #include "MouseTypes.h"
 #include "CConfig.h"
 #include "CClipboard.h"
+#include "CCondVar.h"
 #include "CMutex.h"
 #include "CString.h"
 #include "CThread.h"
@@ -235,8 +236,10 @@ private:
 CClipboardInfo m_clipboards[kClipboardEnd];
- // server for processing HTTP requests
+ // HTTP request processing stuff
 CHTTPServer* m_httpServer;
+ CCondVar m_httpAvailable;
+ static const SInt32 s_httpMaxSimultaneousRequests;
 };
 #endif
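Review bot: In the `@@ -1163,9 +1178,21 @@` hunk the release block is added inside the `try`, after `delete socket;`, so if `CLock`, `signal()` or a cancellation point there throws, the `catch (...)` handler would run `delete socket` a second time and increment the counter again; whether those calls can throw is not visible here. Setting `socket = NULL;` right after the first `delete socket;` makes the handler's delete harmless. The five release lines are also duplicated in both paths; a small scope guard declared at the top of the function, whose destructor does the increment and `signal()`, would return the slot exactly once on every exit. The body of processHTTPRequest starts outside the hunk, so how `socket` is declared should be checked first.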