From d98359abefd58e43bb0e31158ec9c7683b36690f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Deuc=D0=B5?= <shurd@sasktel.net>
Date: Sat, 30 Nov 2024 22:41:22 -0500
Subject: [PATCH] Move max concurrent connections check into
 http_session_thread()

We can't send a 4xx error (ie: client did something wrong) in
plaintext on a TLS connection.

Untested beyond a basic compile check.
---
 src/sbbs3/websrvr.c | 28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-)

diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index e3c33baae4..a412fb336f 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -6804,6 +6804,17 @@ void http_session_thread(void* arg)
 
 	session.subscan=(subscan_t*)calloc(scfg.total_subs, sizeof(subscan_t));
 
+	if(startup->max_concurrent_connections > 0) {
+		int ip_len = strlen(session.host_ip) + 1;
+		uint connections = listCountMatches(&current_connections, session.host_ip, ip_len);
+		if(connections >= startup->max_concurrent_connections
+			&& !is_host_exempt(&scfg, session.host_ip, /* host_name */NULL)) {
+			lprintf(LOG_NOTICE, "%04d [%s] !Maximum concurrent connections (%u) exceeded"
+				,socket, session.host_ip, startup->max_concurrent_connections);
+			send_error(&session, __LINE__, error_429);
+		}
+	}
+
 	while(!session.finished) {
 		init_error=false;
 	    memset(&(session.req), 0, sizeof(session.req));
@@ -7427,23 +7438,6 @@ void web_server(void* arg)
 
 			inet_addrtop(&client_addr, host_ip, sizeof(host_ip));
 
-			if(startup->max_concurrent_connections > 0) {
-				int ip_len = strlen(host_ip) + 1;
-				uint connections = listCountMatches(&current_connections, host_ip, ip_len);
-				if(connections >= startup->max_concurrent_connections
-					&& !is_host_exempt(&scfg, host_ip, /* host_name */NULL)) {
-					lprintf(LOG_NOTICE, "%04d [%s] !Maximum concurrent connections (%u) exceeded"
-						,client_socket, host_ip, startup->max_concurrent_connections);
-					static int len_429;
-					if(len_429 < 1)
-						len_429 = strlen(error_429);
-					if(sendsocket(client_socket, error_429, len_429) != len_429)
-						lprintf(LOG_ERR, "%04d FAILED sending error 429", client_socket);
-					close_socket(&client_socket);
-					continue;
-				}
-			}
-
 			if(trashcan(&scfg,host_ip,"ip-silent")) {
 				close_socket(&client_socket);
 				continue;
-- 
GitLab