AsyncEvents/ServerSideEvents: prevent internal DOS by prevent overflowing messageQueue (#621)

* Prevent tcp/wifi DOS lockup by preventing number of messages in queue, drop otherwise

* Define (renamed) MAX_SSE_Clients

src/AsyncEventSource.cpp

@@ -184,10 +184,14 @@ void AsyncEventSourceClient::_queueMessage(AsyncEventSourceMessage *dataMessage)
     delete dataMessage;
     return;
   }
-
+  if(_messageQueue.length() >= SSE_MAX_QUEUED_MESSAGES){
-  _messageQueue.add(dataMessage);
+      ets_printf("ERROR: Too many messages queued\n");
-
+      delete dataMessage;
-  _runQueue();
+  } else {
+      _messageQueue.add(dataMessage);
+  }
+  if(_client->canSend())
+    _runQueue();
 }
 
 void AsyncEventSourceClient::_onAck(size_t len, uint32_t time){

src/AsyncEventSource.h

@@ -23,11 +23,28 @@
 #include <Arduino.h>
 #ifdef ESP32
 #include <AsyncTCP.h>
+#define SSE_MAX_QUEUED_MESSAGES 32
 #else
 #include <ESPAsyncTCP.h>
+#define SSE_MAX_QUEUED_MESSAGES 8
 #endif
 #include <ESPAsyncWebServer.h>
 
+#include "AsyncWebSynchronization.h"
+
+#ifdef ESP8266
+#include <Hash.h>
+#ifdef CRYPTO_HASH_h // include Hash.h from espressif framework if the first include was from the crypto library
+#include <../src/Hash.h>
+#endif
+#endif
+
+#ifdef ESP32
+#define DEFAULT_MAX_SSE_CLIENTS 8
+#else
+#define DEFAULT_MAX_SSE_CLIENTS 4
+#endif
+
 class AsyncEventSource;
 class AsyncEventSourceResponse;
 class AsyncEventSourceClient;