[tor-commits] [donate/master] Fixed bug that let rate be exceeded

peterh at torproject.org peterh at torproject.org
Wed Jun 10 22:48:37 UTC 2020


commit 631e9009dfe04ad4695f5747a85b181033c1b958
Author: Peter Haight <peterh at giantrabbit.com>
Date:   Thu Jan 23 10:02:48 2020 -0800

    Fixed bug that let rate be exceeded
    
    If you started the rate limiter for an IP address and then let it sit
    for awhile, you could get the $allowance to build up over the rate
    limit for a small amount of time.
    
    Issue #44827
---
 src/IpRateLimiter.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/IpRateLimiter.php b/src/IpRateLimiter.php
index b14af3d3..dd69c82e 100644
--- a/src/IpRateLimiter.php
+++ b/src/IpRateLimiter.php
@@ -26,6 +26,8 @@ class IpRateLimiter {
       $this->setIpData($keyName, $allowance, $now);
       $ipAddress = $request->getAttribute('ip_address');
       throw new IpRateExceeded("There have been more than {$this->maxRequestsPerTimeSpan} requests from $ipAddress in the last {$this->timeSpan} seconds.");
+    } elseif ($allowance > $this->maxRequestsPerTimeSpan) {
+      $allowance = $this->maxRequestsPerTimeSpan;
     }
     $allowance -= 1;
     $this->setIpData($keyName, $allowance, $now);
@@ -38,7 +40,6 @@ class IpRateLimiter {
     }
     $struct = unserialize($data, ['allowed_classes', FALSE]);
     if ($struct === FALSE) {
-      $this->logger->debug("Bap\n!");
       return [$this->maxRequestsPerTimeSpan, time()];
     }
     return unserialize($data);





More information about the tor-commits mailing list