safe：添加一些基本的防御功能。

2024-12-20 13:22:28 +08:00 · 2024-12-20 13:22:28 +08:00 · 98b5d9fd37
commit 98b5d9fd37
parent 24dbc2f432
3 changed files with 27 additions and 7 deletions
--- a/server/server.cpp
+++ b/server/server.cpp
@ -190,17 +190,27 @@ void CTcpServer::accept_client()
        if (!error) {
            auto endpoint = socket->remote_endpoint();
            std::string client_key = endpoint.address().to_string() + ":" + std::to_string(endpoint.port());
-            logger_->info("New connection from {}", client_key);

+            bool can = false;
            {
                std::lock_guard<std::mutex> lock(cli_mut_);
+                if (client_map_.size() >= 100) {
+                    logger_->info("Max client connections reached. Closing connection from {}", client_key);
+                    socket->close();
+                } else {
+                    logger_->info("New connection from {}", client_key);
                    auto cache = std::make_shared<ClientCache>();
                    cache->socket_ = socket;
                    client_map_[client_key] = cache;
+                    can = true;
                }
-
+            }
+            if (can == false) {
+                std::this_thread::sleep_for(std::chrono::minutes(1));
+            } else {
                client_threads_[client_key] = std::thread(&CTcpServer::th_client, this, socket, client_key);
            }
+        }
        accept_client();
    });
 }
--- a/util/util.cpp
+++ b/util/util.cpp
@ -1,5 +1,6 @@
 #include "util.h"
 #include <cstdint>
+#include <thread>

 std::shared_ptr<spdlog::logger> get_logger(const std::string& mark, const std::string& log_file)
 {
@ -42,6 +43,14 @@ CFrameBuffer* CTransProtocal::parse(CMutBuffer& buffer)
    unsigned char header[] = {0xFF, 0xFE};
    unsigned char tail[] = {0xFF, 0xFF};

+    // 如果超出 1MB的内容都无法解析成功，则认为是有无效客户端参与链接。
+    if (buffer.get_len() > MAX_FRAME_SIZE) {
+        buffer.clear();
+        // 这里故意延迟。
+        std::this_thread::sleep_for(std::chrono::seconds(600));
+        return result;
+    }
+
    int find = buffer.index_of((const char*)header, sizeof(header));
    if (find < 0) {
        return result;
--- a/util/util.h
+++ b/util/util.h
@ -6,7 +6,8 @@
 #include <spdlog/sinks/stdout_color_sinks.h>
 #include <spdlog/spdlog.h>

-constexpr int g_BuffSize = 102400;
+constexpr size_t g_BuffSize = 102400;
+const size_t MAX_FRAME_SIZE = 10 * g_BuffSize;
 enum FrameType : int16_t {
    TYPE_DEFAULT = 0,
    TYPE_GET_LIST,