rpc: Prevent easy memory exhaustion attack

Allocate memory for POST message data only as bytes come in, instead of
all at once at the beginning.

Fixes #4343.
This commit is contained in:
Wladimir J. van der Laan 2014-06-20 15:21:30 +02:00
parent e81e2e8f7c
commit 2ec5a3d212
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6

View File

@ -25,6 +25,9 @@ using namespace boost;
using namespace boost::asio; using namespace boost::asio;
using namespace json_spirit; using namespace json_spirit;
// Number of bytes to allocate and read at most at once in post data
const size_t POST_READ_SIZE = 256 * 1024;
// //
// HTTP protocol // HTTP protocol
// //
@ -204,8 +207,17 @@ int ReadHTTPMessage(std::basic_istream<char>& stream, map<string,
// Read message // Read message
if (nLen > 0) if (nLen > 0)
{ {
vector<char> vch(nLen); vector<char> vch;
stream.read(&vch[0], nLen); size_t ptr = 0;
while (ptr < (size_t)nLen)
{
size_t bytes_to_read = std::min((size_t)nLen - ptr, POST_READ_SIZE);
vch.resize(ptr + bytes_to_read);
stream.read(&vch[ptr], bytes_to_read);
if (!stream) // Connection lost while reading
return HTTP_INTERNAL_SERVER_ERROR;
ptr += bytes_to_read;
}
strMessageRet = string(vch.begin(), vch.end()); strMessageRet = string(vch.begin(), vch.end());
} }