diff --git a/contrib/epee/include/net/http_protocol_handler.h b/contrib/epee/include/net/http_protocol_handler.h index f68b2bc99..258b07e2c 100644 --- a/contrib/epee/include/net/http_protocol_handler.h +++ b/contrib/epee/include/net/http_protocol_handler.h @@ -55,6 +55,7 @@ namespace net_utils std::string m_folder; std::vector m_access_control_origins; boost::optional m_user; + size_t m_max_content_length{std::numeric_limits::max()}; critical_section m_lock; }; @@ -141,6 +142,7 @@ namespace net_utils config_type& m_config; bool m_want_close; size_t m_newlines; + size_t m_bytes_read; protected: i_service_endpoint* m_psnd_hndlr; t_connection_context& m_conn_context; diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl index df0afc5cf..f7d2074b2 100644 --- a/contrib/epee/include/net/http_protocol_handler.inl +++ b/contrib/epee/include/net/http_protocol_handler.inl @@ -206,6 +206,7 @@ namespace net_utils m_config(config), m_want_close(false), m_newlines(0), + m_bytes_read(0), m_psnd_hndlr(psnd_hndlr), m_conn_context(conn_context) { @@ -221,6 +222,7 @@ namespace net_utils m_query_info.clear(); m_len_summary = 0; m_newlines = 0; + m_bytes_read = 0; return true; } //-------------------------------------------------------------------------------------------- @@ -243,6 +245,14 @@ namespace net_utils size_t ndel; + m_bytes_read += buf.size(); + if (m_bytes_read > m_config.m_max_content_length) + { + LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too much data: got " << m_bytes_read); + m_state = http_state_error; + return false; + } + if(m_cache.size()) m_cache += buf; else diff --git a/src/cryptonote_config.h b/src/cryptonote_config.h index 88316fd6a..84c5adcfe 100644 --- a/src/cryptonote_config.h +++ b/src/cryptonote_config.h @@ -126,6 +126,7 @@ #define COMMAND_RPC_GET_BLOCKS_FAST_MAX_BLOCK_COUNT 1000 #define COMMAND_RPC_GET_BLOCKS_FAST_MAX_TX_COUNT 20000 +#define MAX_RPC_CONTENT_LENGTH 1048576 // 1 MB #define P2P_LOCAL_WHITE_PEERLIST_LIMIT 1000 #define P2P_LOCAL_GRAY_PEERLIST_LIMIT 5000 diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp index bbcfa6168..869040657 100644 --- a/src/rpc/core_rpc_server.cpp +++ b/src/rpc/core_rpc_server.cpp @@ -365,6 +365,8 @@ namespace cryptonote std::move(rpc_config->access_control_origins), std::move(http_login), std::move(rpc_config->ssl_options) ); + m_net_server.get_config_object().m_max_content_length = MAX_RPC_CONTENT_LENGTH; + if (store_ssl_key && inited) { // new keys were generated, store for next run