aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-05-12 13:27:34 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-06-14 08:48:27 +0000
commit542cab02e1cc1acba09c4759826ef57bbd6c2191 (patch)
tree7301d251061d44106b1cc5a50778c8a1db86d230
parentensure no NULL is passed to memcpy (diff)
downloadmonero-542cab02e1cc1acba09c4759826ef57bbd6c2191.tar.xz
rpc: restrict the recent cutoff size in restricted RPC mode
-rw-r--r--src/rpc/core_rpc_server.cpp9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index 28c53d6e3..3db138719 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -59,6 +59,8 @@ using namespace epee;
#define MAX_RESTRICTED_FAKE_OUTS_COUNT 40
#define MAX_RESTRICTED_GLOBAL_FAKE_OUTS_COUNT 5000
+#define OUTPUT_HISTOGRAM_RECENT_CUTOFF_RESTRICTION (3 * 86400) // 3 days max, the wallet requests 1.8 days
+
namespace
{
void add_reason(std::string &reasons, const char *reason)
@@ -1882,6 +1884,13 @@ namespace cryptonote
if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_OUTPUT_HISTOGRAM>(invoke_http_mode::JON_RPC, "get_output_histogram", req, res, r))
return r;
+ const bool restricted = m_restricted && ctx;
+ if (restricted && req.recent_cutoff > 0 && req.recent_cutoff < (uint64_t)time(NULL) - OUTPUT_HISTOGRAM_RECENT_CUTOFF_RESTRICTION)
+ {
+ res.status = "Recent cutoff is too old";
+ return true;
+ }
+
std::map<uint64_t, std::tuple<uint64_t, uint64_t, uint64_t>> histogram;
try
{