Browse Source

Merge pull request #4373

2ec5a3d rpc: Prevent easy memory exhaustion attack (Wladimir J. van der Laan)
0.10
Wladimir J. van der Laan 11 years ago
parent
commit
ebb37a417a
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
  1. 16
      src/rpcprotocol.cpp

16
src/rpcprotocol.cpp

@ -25,6 +25,9 @@ using namespace boost;
using namespace boost::asio; using namespace boost::asio;
using namespace json_spirit; using namespace json_spirit;
// Number of bytes to allocate and read at most at once in post data
const size_t POST_READ_SIZE = 256 * 1024;
// //
// HTTP protocol // HTTP protocol
// //
@ -204,8 +207,17 @@ int ReadHTTPMessage(std::basic_istream<char>& stream, map<string,
// Read message // Read message
if (nLen > 0) if (nLen > 0)
{ {
vector<char> vch(nLen); vector<char> vch;
stream.read(&vch[0], nLen); size_t ptr = 0;
while (ptr < (size_t)nLen)
{
size_t bytes_to_read = std::min((size_t)nLen - ptr, POST_READ_SIZE);
vch.resize(ptr + bytes_to_read);
stream.read(&vch[ptr], bytes_to_read);
if (!stream) // Connection lost while reading
return HTTP_INTERNAL_SERVER_ERROR;
ptr += bytes_to_read;
}
strMessageRet = string(vch.begin(), vch.end()); strMessageRet = string(vch.begin(), vch.end());
} }

Loading…
Cancel
Save