Skip to content

Cap per-connection recv drain to prevent poll-loop starvation (fixes #76)#77

Draft
cursor[bot] wants to merge 1 commit into
mainfrom
cursor/application-security-review-c6ed
Draft

Cap per-connection recv drain to prevent poll-loop starvation (fixes #76)#77
cursor[bot] wants to merge 1 commit into
mainfrom
cursor/application-security-review-c6ed

Conversation

@cursor

@cursor cursor Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Security fix: server recv fairness cap

Fixes #76

Finding

Severity: Medium (availability / DoS)
Location: src/server/mod.rs

Problem

Server::process_connections() drained each peer's entire kernel recv buffer in an unbounded inner loop before servicing the next connection. A single high-volume sender could monopolize the single-threaded poll loop and starve every other session on the same Server.

Fix

Introduce MAX_RECV_BYTES_PER_CONN_PER_POLL (256 KiB) and stop recv-draining a connection once that budget is exhausted for the current poll pass. Remaining bytes are picked up on the next poll() call, giving other connections a turn.

Impact

Prevents connection-starvation DoS against co-located RTMP sessions without affecting normal throughput (256 KiB per poll is sufficient for steady-state media).

Tests

  • server::tests::recv_budget_is_at_least_one_socket_read
  • server::tests::recv_budget_is_small_enough_for_fairness_across_connections
  • Full cargo test --no-default-features green
Open in Web View Automation 

View with Codesmith Autofix with Codesmith
Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.

A peer that keeps its kernel recv buffer full could monopolize
process_connections() and starve every other session until the socket
was drained. Limit each connection to 256 KiB per poll pass.

Co-authored-by: Alexander Wagner <info@alexanderwagnerdev.com>
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 0b55ae44-d287-48f5-b8d4-074e2a0a801d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch cursor/application-security-review-c6ed

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Server recv loop monopolization allows connection starvation DoS

1 participant