Prevent instability and crash due to message flood

This patch adds a rate limiting to selected patches. The underlying rate limiter
used is the Leaky-Bucket algorithm. It allows for a burst of messages, but
limits them after a specified amount of messages within a time frame.

1 files changed, 17 insertions, 0 deletions

diff --git a/src/murmur/Messages.cpp b/src/murmur/Messages.cpp
index 967cff794..1739378e1 100644
--- a/src/murmur/Messages.cpp
+++ b/src/murmur/Messages.cpp
@@ -17,6 +17,11 @@
 #include "Version.h"
 #include "CryptState.h"
 
+#define RATELIMIT(user) \
+	if (user->leakyBucket.ratelimit(1)) { \
+		return; \
+	}
+
 #define MSG_SETUP(st) \
 	if (uSource->sState != st) { \
 		return; \
@@ -507,6 +512,10 @@ void Server::msgUserState(ServerUser *uSource, MumbleProto::UserState &msg) {
 		return;
 	}
 
+	if (uSource == pDstServerUser) {
+		RATELIMIT(uSource);
+	}
+
 	if (msg.has_channel_id()) {
 		Channel *c = qhChannels.value(msg.channel_id());
 		if (!c || (c == pDstServerUser->cChannel))
@@ -830,6 +839,8 @@ void Server::msgChannelState(ServerUser *uSource, MumbleProto::ChannelState &msg
 		c = qhChannels.value(msg.channel_id());
 		if (! c)
 			return;
+	} else {
+		RATELIMIT(uSource);
 	}
 
 	// Check if the parent exists
@@ -1123,6 +1134,8 @@ void Server::msgTextMessage(ServerUser *uSource, MumbleProto::TextMessage &msg)
 	QSet<ServerUser *> users;
 	QQueue<Channel *> q;
 
+	RATELIMIT(uSource);
+
 	int res = 0;
 	emit textMessageFilterSig(res, uSource, msg);
 	switch (res) {
@@ -1241,6 +1254,8 @@ void Server::msgACL(ServerUser *uSource, MumbleProto::ACL &msg) {
 		return;
 	}
 
+	RATELIMIT(uSource);
+
 	if (msg.has_query() && msg.query()) {
 		QStack<Channel *> chans;
 		Channel *p;
@@ -1497,6 +1512,8 @@ void Server::msgContextAction(ServerUser *uSource, MumbleProto::ContextAction &m
 }
 
 void Server::msgVersion(ServerUser *uSource, MumbleProto::Version &msg) {
+	RATELIMIT(uSource);
+
 	if (msg.has_version())
 		uSource->uiVersion=msg.version();
 	if (msg.has_release())