Skip to content

fix: Subscription stream resource leak#2279

Open
sergerad wants to merge 1 commit into
nextfrom
sergerad-subscription-leak-fix
Open

fix: Subscription stream resource leak#2279
sergerad wants to merge 1 commit into
nextfrom
sergerad-subscription-leak-fix

Conversation

@sergerad

@sergerad sergerad commented Jun 24, 2026

Copy link
Copy Markdown
Collaborator

Problem

A subscription stream client can connect with a starting block greater than the node's current tip. If that client disconnects, the resources reserved for that client are only cleaned up when the node's current tip reaches the starting block specified by the client. Clients can thereby cause resource leaks with malicious requests.

Solution

Whenever the node's current tip changes, also check for client disconnection. Release associated resources if client has disconnected at this point.

Changelog

changelog = "none"
reason    = "Internal change only."

@sergerad sergerad mentioned this pull request Jun 24, 2026
Open
@Mirko-von-Leipzig

Mirko-von-Leipzig commented Jun 24, 2026

Copy link
Copy Markdown
Collaborator

Is the core problem not that we allow such requests at all?

For example, even with this fix, we still allow a client to submit with u64::MAX and they therefore reserve a stream permanently without having to do any work.

@sergerad

sergerad commented Jun 24, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator Author

Is the core problem not that we allow such requests at all?

For example, even with this fix, we still allow a client to submit with u64::MAX and they therefore reserve a stream permanently without having to do any work.

Yea I was thinking that we should probably allow some reasonable upper limit like current tip + 100 blocks. Just in case the flexibility is beneficial for any reason in the future?

Otherwise yes, the alternative is to reject any such requests in the first place. LMK What you prefer.

@Mirko-von-Leipzig

Mirko-von-Leipzig commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator

Is the core problem not that we allow such requests at all?
For example, even with this fix, we still allow a client to submit with u64::MAX and they therefore reserve a stream permanently without having to do any work.

Yea I was thinking that we should probably allow some reasonable upper limit like current tip + 100 blocks. Just in case the flexibility is beneficial for any reason in the future?

Otherwise yes, the alternative is to reject any such requests in the first place. LMK What you prefer.

What I want to avoid is logic like this PR where there are multiple "hidden" branch layers to cater for random edge case fixes.

So I think lets rather reject if its not within a small margin of the current tip e.g. like 10 blocks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mirko-von-Leipzig Mirko-von-Leipzig Awaiting requested review from Mirko-von-Leipzig
@kkovaacs kkovaacs Awaiting requested review from kkovaacs

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sergerad @Mirko-von-Leipzig