add a sanity check to RPC input data size
reported by m31007
parent
fb1ef3349e
commit
c624d05de6
@ -56,6 +56,7 @@ namespace net_utils
|
||||
std::string m_folder;
|
||||
std::vector<std::string> m_access_control_origins;
|
||||
boost::optional<login> m_user;
|
||||
size_t m_max_content_length{std::numeric_limits<size_t>::max()};
|
||||
critical_section m_lock;
|
||||
};
|
||||
|
||||
@ -142,6 +143,7 @@ namespace net_utils
|
||||
config_type& m_config;
|
||||
bool m_want_close;
|
||||
size_t m_newlines;
|
||||
size_t m_bytes_read;
|
||||
protected:
|
||||
i_service_endpoint* m_psnd_hndlr;
|
||||
t_connection_context& m_conn_context;
|
||||
|
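Review bot: The default `m_max_content_length{std::numeric_limits<size_t>::max()}` leaves the new size check disabled for every server built on this config type unless it opts in, and the only assignment visible in this commit is the one in the RPC server init hunk. A finite default would make the check fail closed, with callers that legitimately need larger requests raising it explicitly. At minimum the field should carry a comment such as `// upper bound on bytes the HTTP handler reads before rejecting the request; max() disables the check`. The initializer also depends on `<limits>` being included, which this hunk does not show.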
@ -206,6 +206,7 @@ namespace net_utils
|
||||
m_config(config),
|
||||
m_want_close(false),
|
||||
m_newlines(0),
|
||||
m_bytes_read(0),
|
||||
m_psnd_hndlr(psnd_hndlr),
|
||||
m_conn_context(conn_context)
|
||||
{
|
||||
@ -221,6 +222,7 @@ namespace net_utils
|
||||
m_query_info.clear();
|
||||
m_len_summary = 0;
|
||||
m_newlines = 0;
|
||||
m_bytes_read = 0;
|
||||
return true;
|
||||
}
|
||||
//--------------------------------------------------------------------------------------------
|
||||
@ -243,6 +245,14 @@ namespace net_utils
|
||||
|
||||
size_t ndel;
|
||||
|
||||
m_bytes_read += buf.size();
|
||||
if (m_bytes_read > m_config.m_max_content_length)
|
||||
{
|
||||
LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too much data: got " << m_bytes_read);
|
||||
m_state = http_state_error;
|
||||
return false;
|
||||
}
|
||||
|
||||
if(m_cache.size())
|
||||
m_cache += buf;
|
||||
else
|
||||
|
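Review bot: The check added to handle_buff_in compares a running total of every byte received (`m_bytes_read += buf.size()`), request line and headers included, against a field named `m_max_content_length`, so the effective body limit is smaller than the configured value and the name does not describe what is enforced. The counter is cleared only where the earlier hunk sets `m_bytes_read = 0` next to `m_newlines = 0`; the enclosing functions are not fully visible here, so it is worth confirming that this reset runs between requests on a persistent connection, otherwise a well-behaved client would eventually be cut off. The rejection is logged with `LOG_ERROR` on a condition any remote peer can trigger repeatedly, which lets a client fill the error log; a lower severity would fit better, and the message should state the limit as well, e.g. `<< m_bytes_read << ", limit " << m_config.m_max_content_length`.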
@ -126,6 +126,7 @@
|
||||
|
||||
#define COMMAND_RPC_GET_BLOCKS_FAST_MAX_BLOCK_COUNT 1000
|
||||
#define COMMAND_RPC_GET_BLOCKS_FAST_MAX_TX_COUNT 20000
|
||||
#define MAX_RPC_CONTENT_LENGTH 1048576 // 1 MB
|
||||
|
||||
#define P2P_LOCAL_WHITE_PEERLIST_LIMIT 1000
|
||||
#define P2P_LOCAL_GRAY_PEERLIST_LIMIT 5000
|
||||
|
@ -344,6 +344,8 @@ namespace cryptonote
|
||||
if (m_rpc_payment)
|
||||
m_net_server.add_idle_handler([this](){ return m_rpc_payment->on_idle(); }, 60 * 1000);
|
||||
|
||||
m_net_server.get_config_object().m_max_content_length = MAX_RPC_CONTENT_LENGTH;
|
||||
|
||||
auto rng = [](size_t len, uint8_t *ptr){ return crypto::rand(len, ptr); };
|
||||
return epee::http_server_impl_base<core_rpc_server, connection_context>::init(
|
||||
rng, std::move(port), std::move(bind_ip_str),
|
||||
|