add a sanity check to RPC input data size

reported by m31007
2024-08-15 01:03:23 +00:00 · 2022-03-16 22:16:52 +00:00 · 2022-03-16 22:16:52 +00:00 · 9209880e9c
commit 9209880e9c
parent 9f814edbd7
4 changed files with 15 additions and 0 deletions
--- a/contrib/epee/include/net/http_protocol_handler.h
+++ b/contrib/epee/include/net/http_protocol_handler.h
@ -55,6 +55,7 @@ namespace net_utils
 			std::string m_folder;
 			std::vector<std::string> m_access_control_origins;
 			boost::optional<login> m_user;
+			size_t m_max_content_length{std::numeric_limits<size_t>::max()};
 			critical_section m_lock;
 		};

@ -141,6 +142,7 @@ namespace net_utils
 			config_type& m_config;
 			bool m_want_close;
 			size_t m_newlines;
+			size_t m_bytes_read;
 		protected:
 			i_service_endpoint* m_psnd_hndlr; 
 			t_connection_context& m_conn_context;
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@ -206,6 +206,7 @@ namespace net_utils
 		m_config(config),
 		m_want_close(false),
 		m_newlines(0),
+		m_bytes_read(0),
 		m_psnd_hndlr(psnd_hndlr),
 		m_conn_context(conn_context)
 	{
@ -221,6 +222,7 @@ namespace net_utils
 		m_query_info.clear();
 		m_len_summary = 0;
 		m_newlines = 0;
+		m_bytes_read = 0;
 		return true;
 	}
 	//--------------------------------------------------------------------------------------------
@ -243,6 +245,14 @@ namespace net_utils

 		size_t ndel;

+		m_bytes_read += buf.size();
+		if (m_bytes_read > m_config.m_max_content_length)
+		{
+			LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too much data: got " << m_bytes_read);
+			m_state = http_state_error;
+			return false;
+		}
+
 		if(m_cache.size())
 			m_cache += buf;
 		else
--- a/src/cryptonote_config.h
+++ b/src/cryptonote_config.h
@ -126,6 +126,7 @@

 #define COMMAND_RPC_GET_BLOCKS_FAST_MAX_BLOCK_COUNT     1000
 #define COMMAND_RPC_GET_BLOCKS_FAST_MAX_TX_COUNT        20000
+#define MAX_RPC_CONTENT_LENGTH                          1048576 // 1 MB

 #define P2P_LOCAL_WHITE_PEERLIST_LIMIT                  1000
 #define P2P_LOCAL_GRAY_PEERLIST_LIMIT                   5000
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@ -365,6 +365,8 @@ namespace cryptonote
      std::move(rpc_config->access_control_origins), std::move(http_login), std::move(rpc_config->ssl_options)
    );

+    m_net_server.get_config_object().m_max_content_length = MAX_RPC_CONTENT_LENGTH;
+
    if (store_ssl_key && inited)
    {
      // new keys were generated, store for next run