[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [flashproxy/master] Give remote hosts 2 seconds to make their WebSocket request.



commit d469ec913900395011245fb53b7a0a1bf139d1da
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date:   Thu Mar 29 19:26:03 2012 -0700

    Give remote hosts 2 seconds to make their WebSocket request.
---
 connector.py |   26 ++++++++++++++++++++++++--
 1 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/connector.py b/connector.py
index 07f0f3e..908f988 100755
--- a/connector.py
+++ b/connector.py
@@ -358,6 +358,9 @@ def format_peername(s):
     except socket.error, e:
         return "<unconnected>"
 
+# How long to wait for a WebSocket request on the remote socket. It is limited
+# to avoid Slowloris-like attacks.
+WEBSOCKET_REQUEST_TIMEOUT = 2.0
 
 class WebSocketRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
     def __init__(self, request_text, fd):
@@ -601,6 +604,17 @@ def match_proxies():
         if remote.buf:
             local.send_chunk(remote.buf)
 
+class TimeoutSocket(object):
+    def __init__(self, fd):
+        self.fd = fd
+        self.birthday = time.time()
+
+    def age(self):
+        return time.time() - self.birthday
+
+    def __getattr__(self, name):
+        return getattr(self.fd, name)
+
 class RemoteSocket(object):
     def __init__(self, fd, protocols):
         self.fd = fd
@@ -635,12 +649,12 @@ class LocalSocket(object):
 def main():
     while True:
         rset = [remote_s, local_s] + websocket_pending + socks_pending + locals + remotes
-        rset, _, _ = select.select(rset, [], [])
+        rset, _, _ = select.select(rset, [], [], WEBSOCKET_REQUEST_TIMEOUT)
         for fd in rset:
             if fd == remote_s:
                 remote_c, addr = fd.accept()
                 log(u"Remote connection from %s." % format_addr(addr))
-                websocket_pending.append(remote_c)
+                websocket_pending.append(TimeoutSocket(remote_c))
             elif fd == local_s:
                 local_c, addr = fd.accept()
                 log(u"Local connection from %s." % format_addr(addr))
@@ -687,6 +701,14 @@ def main():
                         locals.remove(fd)
                     report_pending()
             match_proxies()
+        while websocket_pending:
+            pending = websocket_pending[0]
+            if pending.age() < WEBSOCKET_REQUEST_TIMEOUT:
+                break
+            log(u"Expired remote connection from %s." % format_peername(pending))
+            pending.close()
+            websocket_pending.pop(0)
+            report_pending()
 
 if __name__ == "__main__":
     opts, args = getopt.gnu_getopt(sys.argv[1:], "hl:", ["daemon", "help", "log=", "pidfile="])



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits