add a sanity check to RPC input data size

reported by m31007
pull/470/head
moneromooo-monero 2 years ago
parent 9f814edbd7
commit 9209880e9c
No known key found for this signature in database
GPG Key ID: 686F07454D6CEFC3

@ -55,6 +55,7 @@ namespace net_utils
std::string m_folder;
std::vector<std::string> m_access_control_origins;
boost::optional<login> m_user;
size_t m_max_content_length{std::numeric_limits<size_t>::max()};
critical_section m_lock;
};
@ -141,6 +142,7 @@ namespace net_utils
config_type& m_config;
bool m_want_close;
size_t m_newlines;
size_t m_bytes_read;
protected:
i_service_endpoint* m_psnd_hndlr;
t_connection_context& m_conn_context;

@ -206,6 +206,7 @@ namespace net_utils
m_config(config),
m_want_close(false),
m_newlines(0),
m_bytes_read(0),
m_psnd_hndlr(psnd_hndlr),
m_conn_context(conn_context)
{
@ -221,6 +222,7 @@ namespace net_utils
m_query_info.clear();
m_len_summary = 0;
m_newlines = 0;
m_bytes_read = 0;
return true;
}
//--------------------------------------------------------------------------------------------
@ -243,6 +245,14 @@ namespace net_utils
size_t ndel;
m_bytes_read += buf.size();
if (m_bytes_read > m_config.m_max_content_length)
{
LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too much data: got " << m_bytes_read);
m_state = http_state_error;
return false;
}
if(m_cache.size())
m_cache += buf;
else

@ -126,6 +126,7 @@
#define COMMAND_RPC_GET_BLOCKS_FAST_MAX_BLOCK_COUNT 1000
#define COMMAND_RPC_GET_BLOCKS_FAST_MAX_TX_COUNT 20000
#define MAX_RPC_CONTENT_LENGTH 1048576 // 1 MB
#define P2P_LOCAL_WHITE_PEERLIST_LIMIT 1000
#define P2P_LOCAL_GRAY_PEERLIST_LIMIT 5000

@ -365,6 +365,8 @@ namespace cryptonote
std::move(rpc_config->access_control_origins), std::move(http_login), std::move(rpc_config->ssl_options)
);
m_net_server.get_config_object().m_max_content_length = MAX_RPC_CONTENT_LENGTH;
if (store_ssl_key && inited)
{
// new keys were generated, store for next run

Loading…
Cancel
Save