diff options
author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-05-26 20:17:15 +0100 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-05-27 09:43:54 +0100 |
commit | dfd36bbebb6f6171763281cd2431f85901584259 (patch) | |
tree | 00b9f1b32fe1015ce68313dbd6d5f203111a89a7 /contrib/epee/include | |
parent | abstract_tcp_server2: timeout on RPC connections (diff) | |
download | monero-dfd36bbebb6f6171763281cd2431f85901584259.tar.xz |
http_protocol_handler: limit the number of starting newlines
Diffstat (limited to 'contrib/epee/include')
-rw-r--r-- | contrib/epee/include/net/abstract_tcp_server2.inl | 2 | ||||
-rw-r--r-- | contrib/epee/include/net/http_protocol_handler.h | 1 | ||||
-rw-r--r-- | contrib/epee/include/net/http_protocol_handler.inl | 10 |
3 files changed, 12 insertions, 1 deletions
diff --git a/contrib/epee/include/net/abstract_tcp_server2.inl b/contrib/epee/include/net/abstract_tcp_server2.inl index 7bbee288d..91a94c21e 100644 --- a/contrib/epee/include/net/abstract_tcp_server2.inl +++ b/contrib/epee/include/net/abstract_tcp_server2.inl @@ -607,7 +607,7 @@ PRAGMA_WARNING_DISABLE_VS(4355) { if(ec == boost::asio::error::operation_aborted) return; - MDEBUG("Connection timeout, closing"); + MDEBUG(context << "connection timeout, closing"); self->close(); }); } diff --git a/contrib/epee/include/net/http_protocol_handler.h b/contrib/epee/include/net/http_protocol_handler.h index b4485d1cd..e602fac2b 100644 --- a/contrib/epee/include/net/http_protocol_handler.h +++ b/contrib/epee/include/net/http_protocol_handler.h @@ -141,6 +141,7 @@ namespace net_utils size_t m_len_summary, m_len_remain; config_type& m_config; bool m_want_close; + size_t m_newlines; protected: i_service_endpoint* m_psnd_hndlr; }; diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl index 7aba6c1dd..f1da5067a 100644 --- a/contrib/epee/include/net/http_protocol_handler.inl +++ b/contrib/epee/include/net/http_protocol_handler.inl @@ -38,6 +38,7 @@ #define HTTP_MAX_URI_LEN 9000 #define HTTP_MAX_HEADER_LEN 100000 +#define HTTP_MAX_STARTING_NEWLINES 8 namespace epee { @@ -203,6 +204,7 @@ namespace net_utils m_len_remain(0), m_config(config), m_want_close(false), + m_newlines(0), m_psnd_hndlr(psnd_hndlr) { @@ -216,6 +218,7 @@ namespace net_utils m_body_transfer_type = http_body_transfer_undefined; m_query_info.clear(); m_len_summary = 0; + m_newlines = 0; return true; } //-------------------------------------------------------------------------------------------- @@ -260,6 +263,13 @@ namespace net_utils { //some times it could be that before query line cold be few line breaks //so we have to be calm without panic with assers + m_newlines += std::string::npos == ndel ? m_cache.size() : ndel; + if (m_newlines > HTTP_MAX_STARTING_NEWLINES) + { + LOG_ERROR("simple_http_connection_handler::handle_buff_out: Too many starting newlines"); + m_state = http_state_error; + return false; + } m_cache.erase(0, ndel); break; } |