add a sanity check to RPC input data size

reported by m31007
moneromooo-monero 2022-03-16 22:16:52 +00:00
parent 9f814edbd7
commit 9209880e9c
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
4 changed files with 15 additions and 0 deletions


@ -55,6 +55,7 @@ namespace net_utils
std::string m_folder; std::string m_folder;
std::vector<std::string> m_access_control_origins; std::vector<std::string> m_access_control_origins;
boost::optional<login> m_user; boost::optional<login> m_user;
size_t m_max_content_length{std::numeric_limits<size_t>::max()};
critical_section m_lock; critical_section m_lock;
}; };
@ -141,6 +142,7 @@ namespace net_utils
config_type& m_config; config_type& m_config;
bool m_want_close; bool m_want_close;
size_t m_newlines; size_t m_newlines;
size_t m_bytes_read;
protected: protected:
i_service_endpoint* m_psnd_hndlr; i_service_endpoint* m_psnd_hndlr;
t_connection_context& m_conn_context; t_connection_context& m_conn_context;
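Review bot: The new `m_max_content_length` field defaults to `std::numeric_limits<size_t>::max()`, so any server built on this config stays unbounded unless it sets the field itself. The only assignment visible on this page is the one in the RPC server init, so other users of the handler, if there are any, would not get the check. A comment on the field would make the opt-in explicit, for example `// max bytes accepted per request; unlimited by default, callers must set it`. The hunk does not show the include list, so confirm that `<limits>` is included in this header rather than arriving transitively. `m_bytes_read` is declared without a default member initializer and relies on the constructor's init list; `size_t m_bytes_read{0};` would match the style of the new config field.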


@ -206,6 +206,7 @@ namespace net_utils
m_config(config), m_config(config),
m_want_close(false), m_want_close(false),
m_newlines(0), m_newlines(0),
m_bytes_read(0),
m_psnd_hndlr(psnd_hndlr), m_psnd_hndlr(psnd_hndlr),
m_conn_context(conn_context) m_conn_context(conn_context)
{ {
@ -221,6 +222,7 @@ namespace net_utils
m_query_info.clear(); m_query_info.clear();
m_len_summary = 0; m_len_summary = 0;
m_newlines = 0; m_newlines = 0;
m_bytes_read = 0;
return true; return true;
} }
//-------------------------------------------------------------------------------------------- //--------------------------------------------------------------------------------------------
@ -243,6 +245,14 @@ namespace net_utils
size_t ndel; size_t ndel;
m_bytes_read += buf.size();
if (m_bytes_read > m_config.m_max_content_length)
{
LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too much data: got " << m_bytes_read);
m_state = http_state_error;
return false;
}
if(m_cache.size()) if(m_cache.size())
m_cache += buf; m_cache += buf;
else else
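Review bot: `m_bytes_read` in the added check grows by `buf.size()` for every buffer passed in, so the request line and headers count toward `m_max_content_length` as well as the body, although the name suggests a body-only limit. A comment on the check such as `// counts all bytes of the current request, headers included` would make that explicit. The rejection is logged with `LOG_ERROR`, and any remote client can reach this branch, so a lower-severity log call would keep a run of oversized requests from filling the error log. The enclosing function (apparently handle_buff_in, going by the log string) starts and ends outside the hunk, so it cannot be seen here whether a declared Content-Length is compared with the limit before the body is read.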


@ -126,6 +126,7 @@
#define COMMAND_RPC_GET_BLOCKS_FAST_MAX_BLOCK_COUNT 1000 #define COMMAND_RPC_GET_BLOCKS_FAST_MAX_BLOCK_COUNT 1000
#define COMMAND_RPC_GET_BLOCKS_FAST_MAX_TX_COUNT 20000 #define COMMAND_RPC_GET_BLOCKS_FAST_MAX_TX_COUNT 20000
#define MAX_RPC_CONTENT_LENGTH 1048576 // 1 MB
#define P2P_LOCAL_WHITE_PEERLIST_LIMIT 1000 #define P2P_LOCAL_WHITE_PEERLIST_LIMIT 1000
#define P2P_LOCAL_GRAY_PEERLIST_LIMIT 5000 #define P2P_LOCAL_GRAY_PEERLIST_LIMIT 5000


@ -365,6 +365,8 @@ namespace cryptonote
std::move(rpc_config->access_control_origins), std::move(http_login), std::move(rpc_config->ssl_options) std::move(rpc_config->access_control_origins), std::move(http_login), std::move(rpc_config->ssl_options)
); );
m_net_server.get_config_object().m_max_content_length = MAX_RPC_CONTENT_LENGTH;
if (store_ssl_key && inited) if (store_ssl_key && inited)
{ {
// new keys were generated, store for next run // new keys were generated, store for next run