Validate inproxy MaxClients

psiphon/common/inproxy/proxy.go

@@ -123,7 +123,7 @@ type ProxyConfig struct {
 	MustUpgrade func()
 
 	// MaxClients is the maximum number of clients that are allowed to connect
-	// to the proxy.
+	// to the proxy. Must be > 0.
 	MaxClients int
 
 	// LimitUpstreamBytesPerSecond limits the upstream data transfer rate for
@@ -154,6 +154,10 @@ type ActivityUpdater func(
 // NewProxy initializes a new Proxy with the specified configuration.
 func NewProxy(config *ProxyConfig) (*Proxy, error) {
 
+	if config.MaxClients <= 0 {
+		return nil, errors.TraceNew("invalid MaxClients")
+	}
+
 	p := &Proxy{
 		config: config,
 	}

psiphon/config.go

@@ -633,7 +633,7 @@ type Config struct {
 	InproxyProxySessionPrivateKey string
 
 	// InproxyMaxClients specifies the maximum number of in-proxy clients to
-	// be proxied concurrently.
+	// be proxied concurrently. Must be > 0 when InproxyEnableProxy is set.
 	InproxyMaxClients int
 
 	// InproxyLimitUpstreamBytesPerSecond specifies the upstream byte transfer
@@ -1407,6 +1407,10 @@ func (config *Config) Commit(migrateFromLegacyFields bool) error {
 		return errors.TraceNew("invalid ObfuscatedSSHAlgorithms")
 	}
 
+	if config.InproxyEnableProxy && config.InproxyMaxClients <= 0 {
+		return errors.TraceNew("invalid InproxyMaxClients")
+	}
+
 	if !config.DisableTunnels &&
 		config.InproxyEnableProxy &&
 		!GetAllowOverlappingPersonalCompartmentIDs() &&