[tor-commits] [donate/master] Fixed bug that let rate be exceeded
peterh at torproject.org
peterh at torproject.org
Wed Jun 10 22:48:37 UTC 2020
commit 631e9009dfe04ad4695f5747a85b181033c1b958
Author: Peter Haight <peterh at giantrabbit.com>
Date: Thu Jan 23 10:02:48 2020 -0800
Fixed bug that let rate be exceeded
If you started the rate limiter for an IP address and then let it sit
for awhile, you could get the $allowance to build up over the rate
limit for a small amount of time.
Issue #44827
---
src/IpRateLimiter.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/IpRateLimiter.php b/src/IpRateLimiter.php
index b14af3d3..dd69c82e 100644
--- a/src/IpRateLimiter.php
+++ b/src/IpRateLimiter.php
@@ -26,6 +26,8 @@ class IpRateLimiter {
$this->setIpData($keyName, $allowance, $now);
$ipAddress = $request->getAttribute('ip_address');
throw new IpRateExceeded("There have been more than {$this->maxRequestsPerTimeSpan} requests from $ipAddress in the last {$this->timeSpan} seconds.");
+ } elseif ($allowance > $this->maxRequestsPerTimeSpan) {
+ $allowance = $this->maxRequestsPerTimeSpan;
}
$allowance -= 1;
$this->setIpData($keyName, $allowance, $now);
@@ -38,7 +40,6 @@ class IpRateLimiter {
}
$struct = unserialize($data, ['allowed_classes', FALSE]);
if ($struct === FALSE) {
- $this->logger->debug("Bap\n!");
return [$this->maxRequestsPerTimeSpan, time()];
}
return unserialize($data);
More information about the tor-commits
mailing list