From cac506f664e265b772e416f276b48b8bfad50dad Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Sun, 11 Mar 2012 15:07:48 +0100 Subject: [PATCH] Fix pr_player() and upr_player() to obey max_idle The output queue flush can block indefinitely. Permits a client to hog the thread indefinitely by not reading output. Broken in commit 08b94556 (v4.3.20) "Reimplement max_idle without a separate thread". Until then, the idle thread aborted a stuck attempt to flush output. Denial of service seems possible. --- src/lib/subs/pr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/lib/subs/pr.c b/src/lib/subs/pr.c index 57064e8fd..fb46bef02 100644 --- a/src/lib/subs/pr.c +++ b/src/lib/subs/pr.c @@ -58,6 +58,7 @@ #include "journal.h" #include "misc.h" #include "nat.h" +#include "optlist.h" #include "player.h" #include "proto.h" #include "prototypes.h" @@ -333,7 +334,9 @@ player_output_some(void) { time_t deadline; - deadline = (time_t)(player->may_sleep == PLAYER_SLEEP_FREELY ? -1 : 0); + deadline = player->curup + minutes(max_idle); + if (player->may_sleep != PLAYER_SLEEP_FREELY) + deadline = 0; while (io_output_if_queue_long(player->iop, deadline) > 0) ; } -- 2.43.0