From f11191a8185c152f8777bead8c1ad4771f158699 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Wed, 29 Jun 2016 20:43:14 +0100
Subject: [PATCH] rpc: restrict number of fake outs requested in restricted rpc
 mode

---
 src/rpc/core_rpc_server.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index cfe1057ac..ca18e7e09 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -41,6 +41,8 @@ using namespace epee;
 #include "crypto/hash.h"
 #include "core_rpc_server_error_codes.h"
 
+#define MAX_RESTRICTED_FAKE_OUTS_COUNT 40
+
 namespace cryptonote
 {
 
@@ -189,6 +191,16 @@ namespace cryptonote
   {
     CHECK_CORE_BUSY();
     res.status = "Failed";
+
+    if (m_restricted)
+    {
+      if (req.amounts.size() > 100 || req.outs_count > MAX_RESTRICTED_FAKE_OUTS_COUNT)
+      {
+        res.status = "Too many outs requested";
+        return true;
+      }
+    }
+
     if(!m_core.get_random_outs_for_amounts(req, res))
     {
       return true;