From de3cd8a03db19657454a8f45d1b5aa3577526ac1 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Mon, 9 Apr 2018 10:17:48 +0100
Subject: [PATCH] [Fix] Leak from bucket before checking the burst

---
 src/plugins/lua/ratelimit.lua | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/plugins/lua/ratelimit.lua b/src/plugins/lua/ratelimit.lua
index 329bc9095e..2b6989e1a9 100644
--- a/src/plugins/lua/ratelimit.lua
+++ b/src/plugins/lua/ratelimit.lua
@@ -74,11 +74,13 @@ local bucket_check_script = [[
     local rate = tonumber(KEYS[3])
     local dyn = tonumber(redis.call('HGET', KEYS[1], 'dr')) / 10000.0
     rate = rate * dyn
-    redis.call('HINCRBYFLOAT', KEYS[1], 'b', -((now - last) * rate))
+    local leaked = ((now - last) * rate)
+    burst = burst - leaked
+    redis.call('HINCRBYFLOAT', KEYS[1], 'b', -(leaked))
    end
    local dyn = tonumber(redis.call('HGET', KEYS[1], 'db')) / 10000.0
 
-   if tonumber(burst) * tonumber(dyn) > tonumber(KEYS[4]) then
+   if burst * dyn > tonumber(KEYS[4]) then
     return 1
    end
   else
-- 
2.47.3