From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Mon, 9 Apr 2018 09:17:48 +0000 (+0100)
Subject: [Fix] Leak from bucket before checking the burst
X-Git-Tag: 1.7.3~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de3cd8a03db19657454a8f45d1b5aa3577526ac1;p=thirdparty%2Frspamd.git

[Fix] Leak from bucket before checking the burst
---

diff --git a/src/plugins/lua/ratelimit.lua b/src/plugins/lua/ratelimit.lua
index 329bc9095e..2b6989e1a9 100644
--- a/src/plugins/lua/ratelimit.lua
+++ b/src/plugins/lua/ratelimit.lua
@@ -74,11 +74,13 @@ local bucket_check_script = [[
     local rate = tonumber(KEYS[3])
     local dyn = tonumber(redis.call('HGET', KEYS[1], 'dr')) / 10000.0
     rate = rate * dyn
-    redis.call('HINCRBYFLOAT', KEYS[1], 'b', -((now - last) * rate))
+    local leaked = ((now - last) * rate)
+    burst = burst - leaked
+    redis.call('HINCRBYFLOAT', KEYS[1], 'b', -(leaked))
    end
    local dyn = tonumber(redis.call('HGET', KEYS[1], 'db')) / 10000.0
 
-   if tonumber(burst) * tonumber(dyn) > tonumber(KEYS[4]) then
+   if burst * dyn > tonumber(KEYS[4]) then
     return 1
    end
   else