Description
Affected component
imagod
Summary
A single WebTransport session can spawn an unbounded number of bi-stream handler tasks. Each task reads the full request into memory, up to MAX_STREAM_BYTES, before processing it.
Steps to reproduce
- Open one authenticated WebTransport session.
- Open many bi streams concurrently.
- Send large or slow request bodies on each stream.
- Observe task count and memory growth on the daemon.
Expected behavior
The daemon should enforce a per-session in-flight stream limit and should avoid whole-request buffering where possible.
Actual behavior
run_session spawns a new task for each accepted bi stream with no per-session semaphore, and read_stream_with_timeout reads the entire request into a Vec<u8> up to 16 MiB.
Version
Environment
other
Resource impact (optional)
memory DoS risk: one authenticated client can force many in-flight tasks and up to 16 MiB full-buffer reads per stream.
Additional context
Evidence:
- crates/imagod-server/src/protocol_handler/session_loop.rs:142
- crates/imagod-server/src/protocol_handler/session_loop.rs:151
- crates/imagod-server/src/protocol_handler/session_loop.rs:656
Suggested direction:
- Add a per-session semaphore for accepted streams.
- Move toward incremental decode instead of read_to_end for framed requests.
- Consider closing abusive sessions instead of only failing the individual stream.
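One way the first and third suggestions could fit together, as an added sketch that is not imagod's code: a per-session budget that hands out RAII permits for in-flight streams and tells the caller when repeated overruns justify closing the session. The names `StreamBudget`, `Permit` and `Reject` and the limits are hypothetical, and std atomics stand in for the async runtime's semaphore.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;

/// Why a newly accepted stream was refused.
#[derive(Debug, PartialEq)]
pub enum Reject {
    Stream,  // over the limit: fail only this stream
    Session, // repeated overruns: close the whole session
}

/// Per-session budget of in-flight bi streams (hypothetical type, not imagod's).
pub struct StreamBudget {
    in_flight: AtomicUsize,
    strikes: AtomicUsize,
    max_in_flight: usize,
    max_strikes: usize,
}

/// RAII permit held by a handler; dropping it frees the slot even on error.
pub struct Permit(Arc<StreamBudget>);

impl Drop for Permit {
    fn drop(&mut self) { self.0.in_flight.fetch_sub(1, Ordering::AcqRel); }
}

impl StreamBudget {
    pub fn new(max_in_flight: usize, max_strikes: usize) -> Arc<Self> {
        let zero = || AtomicUsize::new(0);
        Arc::new(Self { in_flight: zero(), strikes: zero(), max_in_flight, max_strikes })
    }

    /// Call once per accepted stream, before spawning its handler task.
    pub fn try_admit(budget: &Arc<Self>) -> Result<Permit, Reject> {
        let max = budget.max_in_flight;
        let slot = budget.in_flight.fetch_update(Ordering::AcqRel, Ordering::Acquire, |n| {
            (n < max).then_some(n + 1) // take a slot only while under the cap
        });
        if slot.is_ok() { return Ok(Permit(Arc::clone(budget))); }
        let strikes = budget.strikes.fetch_add(1, Ordering::AcqRel) + 1;
        Err(if strikes >= budget.max_strikes { Reject::Session } else { Reject::Stream })
    }

    pub fn in_flight(&self) -> usize { self.in_flight.load(Ordering::Acquire) }
}

fn main() {
    let budget = StreamBudget::new(2, 3); // constructed limits for illustration
    let _permit = StreamBudget::try_admit(&budget);
    println!("in flight: {}", budget.in_flight());
}
```

The permit would be moved into the spawned handler task so the slot is released when the task ends, whether it completes, times out or errors.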