Diffstat (limited to 'debug-me.hs')
-rw-r--r--debug-me.hs16
1 files changed, 15 insertions, 1 deletions
diff --git a/debug-me.hs b/debug-me.hs
index 3cc1f09..8ff38ed 100644
--- a/debug-me.hs
+++ b/debug-me.hs
@@ -5,6 +5,7 @@ module Main where
import Types
import Hash
import Pty
+import Memory
import CmdLine
import Log
import Graphviz
@@ -251,7 +252,8 @@ sendPtyInput ichan ochan p backlog logger = go
bl <- readTVar backlog
-- Don't need to retain backlog before the Activity
-- that entered references.
- let bl'@(Backlog bll) = truncateBacklog bl entered
+ let bl'@(Backlog bll) = reduceBacklog $
+ truncateBacklog bl entered
if isLegalEntered entered bl'
then do
let l = mkActivityLog (ActivityEntered entered) now
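Review bot: The size cap is applied only here, while an Entered message is being processed, so whether it actually bounds memory depends on code outside this hunk. If the `backlog` TVar is appended to elsewhere and no input arrives, nothing visible here trims it; it is worth confirming that `bl'` is written back to `backlog` and that the appending side is capped too. The existing comment now describes only half of the binding, so I would extend it with something like `-- Also cap the backlog's size (reduceBacklog), so a peer cannot make it grow without bound.` The body of `go` starts and ends outside the hunk.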
@@ -293,6 +295,18 @@ truncateBacklog (Backlog (b :| l)) (Activity _ hp _)
truncationpoint x@(ActivityLog { loggedActivity = ActivitySeen {}}) = Just (loggedHash x) == hp
truncationpoint _ = False
+-- | To avoid DOS attacks that try to fill up the backlog and so use all
+-- memory, don't let the backlog contain more than 1000 items, or
+-- more than 16 megabytes of total data. (Excluding the most recent
+-- item).
+reduceBacklog :: Backlog -> Backlog
+reduceBacklog (Backlog (b :| l)) = Backlog (b :| go 0 (take 1000 l))
+ where
+ go _ [] = []
+ go n (x:xs)
+ | n > 16777216 = []
+ | otherwise = x : go (n + dataSize x) xs
+
-- | Entered activity is legal when it points to the last Seen activvity,
-- because this guarantees that the person who entered it saw
-- the current state of the system before manipulating it.
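Review bot: In `go`, the guard `n > 16777216` is tested before the current item's size is added, so the item that crosses the limit is still kept and the retained data can exceed the documented bound by one item's `dataSize` (on top of the uncounted head `b`). If the limit is meant to be hard, test the running total including the item: `| n + dataSize x > 16777216 = []`. Either way the bound is only as tight as whatever limits the size of a single item, which is not visible in this hunk. The haddock could also say that it is the tail of `l` that gets dropped, and the two literals would read better as named constants such as `maxBacklogItems` and `maxBacklogBytes`.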