Possible to cause server lag or denial of service by spamming search requests

minetest-mods / unified_inventory

An extensible inventory mod which allows searching crafting and browsing for recipes in the same dialogue.

Other

50 stars 38 forks source link

Possible to cause server lag or denial of service by spamming search requests #215

Closed Montandalar closed 2 years ago

Montandalar commented 2 years ago

L-Dog on Minetest forums reports that it's possible to cause major disruptive lag simply by spamming searches. A per-player rate limit should probably be applied to unified_inventory.apply_filter, especially since that can iterate all of minetest.registered_items.

fluxionary commented 2 years ago

been somewhat aware of this issue for a while. a rate limiter would be welcome.

SmallJoker commented 2 years ago

https://github.com/minetest-mods/unified_inventory/blob/177debd13ce27db9538b35e2443ed233105b79d6/callbacks.lua#L75-L82

Duplicates are already ignored. Perhaps it would make sense to optimize apply_filter instead. I will have a look into that.

Niklp09 commented 2 years ago

https://github.com/minetest-mods/unified_inventory/issues/192

SmallJoker commented 2 years ago

Whoever encounters this issue in the newest Unified Inventory version is kindly asked to provide reproduction steps. At best, also profile the mod to narrow down the callbacks/functions that take longest.

Closing until further information is provided.