kvazar
/
kevacoin
mirror of https://github.com/kvazar-network/kevacoin.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #4373 

2ec5a3d rpc: Prevent easy memory exhaustion attack (Wladimir J. van der Laan)
0.10
Wladimir J. van der Laan 10 years ago
parent
4851d09603 2ec5a3d212
commit
ebb37a417a
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
1 changed files with 14 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      src/rpcprotocol.cpp

16
src/rpcprotocol.cpp
Unescape View File

@ -25,6 +25,9 @@ using namespace boost; @@ -25,6 +25,9 @@ using namespace boost;
using namespace boost::asio;
using namespace json_spirit;
// Number of bytes to allocate and read at most at once in post data
const size_t POST_READ_SIZE = 256 * 1024;
//
// HTTP protocol
//
@ -204,8 +207,17 @@ int ReadHTTPMessage(std::basic_istream<char>& stream, map<string, @@ -204,8 +207,17 @@ int ReadHTTPMessage(std::basic_istream<char>& stream, map<string,
// Read message
if (nLen > 0)
{
vector<char> vch(nLen);
stream.read(&vch[0], nLen);
vector<char> vch;
size_t ptr = 0;
while (ptr < (size_t)nLen)
{
size_t bytes_to_read = std::min((size_t)nLen - ptr, POST_READ_SIZE);
vch.resize(ptr + bytes_to_read);
stream.read(&vch[ptr], bytes_to_read);
if (!stream) // Connection lost while reading
return HTTP_INTERNAL_SERVER_ERROR;
ptr += bytes_to_read;
}
strMessageRet = string(vch.begin(), vch.end());
}

Write Preview
Loading…
Cancel
Save