From: Omar Polo Subject: Re: gotd flush packets To: Stefan Sperling Cc: gameoftrees@openbsd.org Date: Fri, 20 Jan 2023 20:04:51 +0100 On 2023/01/20 19:57:59 +0100, Stefan Sperling wrote: > Someone did a silly thing against our public git mirror: > > Jan 20 19:20:23 florabel gotd[74429]: received flush-pkt from uid 1002 > Jan 20 19:20:43 florabel last message repeated 251236 times > Jan 20 19:20:43 florabel gotd[70339]: list-refs request from uid 1002 > Jan 20 19:20:43 florabel gotd[74429]: received flush-pkt from uid 1002 > Jan 20 19:21:14 florabel last message repeated 386788 times > Jan 20 19:21:43 florabel last message repeated 367291 times > > There can of course be various variations of something like this in the > git protocol, so the patch below is not fool proof. But it is relatively > easy to catch the above case and we have to start somehwere. > If you are the person who triggered this, please let me know if you > are willing to help with developing countermeasures for such things, > It would be fun and be more productive use of your time. We should have > tests for such cases in our test suite to start with. > > As far as I understand the Git protocol docs there are only three places > where we expect a flush packet from the client: > > - After sending our ref announcement we can receive a flush packet > if the client decides it does not want anything. > - The list of want lines during fetch is terminated by a flush packet. > - The list of ref-updates lines during send is terminated by a flush packet. that's my understanding as well > The test suite is happy and trivial manual fetch/send testing suggests > both fetch and send still works with both got and git clients. > > ok? ok op can't test right now but the idea seems sound to me and the diff reads fine. (might be able to write a test case for this sometime tomorrow if nobody beats me to it :-)