kvazar/kevacoin
1
0
Fork 0
mirror of https://github.com/kvazar-network/kevacoin.git synced 2025-01-17 18:40:09 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #6859

Browse Source 
41db8c4 http: Restrict maximum size of request line + headers (Wladimir J. van der Laan)
This commit is contained in:
Wladimir J. van der Laan 2015-10-21 11:19:13 +02:00
commit 0fbfc5106c
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
qa/rpc-tests/httpbasics.py
View File

@ -97,5 +97,19 @@ class HTTPBasicsTest (BitcoinTestFramework):
assert_equal('"error":null' in out1, True) assert_equal('"error":null' in out1, True)
assert_equal(conn.sock!=None, True) #connection must be closed because bitcoind should use keep-alive by default assert_equal(conn.sock!=None, True) #connection must be closed because bitcoind should use keep-alive by default
# Check excessive request size
conn = httplib.HTTPConnection(urlNode2.hostname, urlNode2.port)
conn.connect()
conn.request('GET', '/' + ('x'*1000), '', headers)
out1 = conn.getresponse()
assert_equal(out1.status, httplib.NOT_FOUND)
conn = httplib.HTTPConnection(urlNode2.hostname, urlNode2.port)
conn.connect()
conn.request('GET', '/' + ('x'*10000), '', headers)
out1 = conn.getresponse()
assert_equal(out1.status, httplib.BAD_REQUEST)
if __name__ == '__main__': if __name__ == '__main__':
HTTPBasicsTest ().main () HTTPBasicsTest ().main ()

4
src/httpserver.cpp
View File

@ -38,6 +38,9 @@
#include <boost/foreach.hpp> #include <boost/foreach.hpp>
#include <boost/scoped_ptr.hpp> #include <boost/scoped_ptr.hpp>
/** Maximum size of http request (request line + headers) */
static const size_t MAX_HEADERS_SIZE = 8192;
/** HTTP request work item */ /** HTTP request work item */
class HTTPWorkItem : public HTTPClosure class HTTPWorkItem : public HTTPClosure
{ {
@ -414,6 +417,7 @@ bool InitHTTPServer()
} }
evhttp_set_timeout(http, GetArg("-rpcservertimeout", DEFAULT_HTTP_SERVER_TIMEOUT)); evhttp_set_timeout(http, GetArg("-rpcservertimeout", DEFAULT_HTTP_SERVER_TIMEOUT));
evhttp_set_max_headers_size(http, MAX_HEADERS_SIZE);
evhttp_set_max_body_size(http, MAX_SIZE); evhttp_set_max_body_size(http, MAX_SIZE);
evhttp_set_gencb(http, http_request_cb, NULL); evhttp_set_gencb(http, http_request_cb, NULL);