Merge pull request #101 from grandcat/revert-94-dos-protect-sent-entries

Revert "don't cache more than 1024 entries, to avoid DoS attacks"
grandcat · Jul 6, 2021 · 60fce55 · 60fce55
2 parents 60421fc + 9782d65
commit 60fce55
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 74 deletions.
diff --git a/client.go b/client.go
@@ -26,9 +26,6 @@ const (
 	IPv4AndIPv6 = (IPv4 | IPv6) //< Default option.
 )
 
-// DoS protection: we won't cache more than 1024 entries when receiving entries.
-var maxSentEntries = 1024
-
 type clientOpts struct {
 	listenOn IPType
 	ifaces   []net.Interface
@@ -296,12 +293,6 @@ func (c *client) mainloop(ctx context.Context, params *lookupParams) {
 				// This is also a point to possibly stop probing actively for a
 				// service entry.
 				params.Entries <- e
-				// DoS protection: don't cache more than maxSentEntries entries
-				if len(sentEntries) >= maxSentEntries {
-					for key := range sentEntries {
-						delete(sentEntries, key)
-					}
-				}
 				sentEntries[k] = e
 				if !params.isBrowsing {
 					params.disableProbing()

diff --git a/service_test.go b/service_test.go
@@ -2,15 +2,14 @@ package zeroconf
 
 import (
 	"context"
-	"fmt"
 	"log"
 	"testing"
 	"time"
 
 	"github.com/pkg/errors"
 )
 
-const (
+var (
 	mdnsName    = "test--xxxxxxxxxxxx"
 	mdnsService = "_test--xxxx._tcp"
 	mdnsSubtype = "_test--xxxx._tcp,_fancy"
@@ -164,67 +163,4 @@ func TestSubtype(t *testing.T) {
 			t.Fatalf("Expected port is %d, but got %d", mdnsPort, result.Port)
 		}
 	})
-
-	t.Run("DoS protection", func(t *testing.T) {
-		origMaxSentEntries := maxSentEntries
-		maxSentEntries = 10
-		defer func() { maxSentEntries = origMaxSentEntries }()
-
-		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-		defer cancel()
-
-		const firstName = mdnsName
-
-		go startMDNS(ctx, mdnsPort, firstName, mdnsSubtype, mdnsDomain)
-		time.Sleep(time.Second)
-
-		resolver, err := NewResolver(nil)
-		if err != nil {
-			t.Fatalf("Expected create resolver success, but got %v", err)
-		}
-		entries := make(chan *ServiceEntry, maxSentEntries+1)
-		received := make(chan *ServiceEntry, 10)
-		go func() {
-			for {
-				select {
-				case entry := <-entries:
-					if entry.Instance == firstName {
-						received <- entry
-					}
-				case <-ctx.Done():
-					return
-				}
-			}
-		}()
-		if err := resolver.Browse(ctx, mdnsService, mdnsDomain, entries); err != nil {
-			t.Fatalf("Expected browse success, but got %v", err)
-		}
-		select {
-		case <-received:
-		case <-time.NewTimer(time.Second).C:
-			t.Fatal("expected to discover service")
-		}
-
-		for i := 1; i < maxSentEntries; i++ {
-			go startMDNS(ctx, mdnsPort, fmt.Sprintf("%s-%d", mdnsName, i), mdnsSubtype, mdnsDomain)
-		}
-		time.Sleep(time.Second)
-
-		select {
-		case entry := <-entries:
-			t.Fatalf("didn't expect to receive an entry, got %v", entry)
-		default:
-		}
-
-		// Announcing this service will cause the map to overflow.
-		go startMDNS(ctx, mdnsPort, fmt.Sprintf("%s-%d", mdnsName, maxSentEntries), mdnsSubtype, mdnsDomain)
-
-		// wait for a re-announcement of the firstName service
-		select {
-		case <-received:
-			cancel()
-		case <-ctx.Done():
-			t.Fatal("expected to discover service")
-		}
-	})
 }