aboutsummaryrefslogtreecommitdiff
path: root/contrib/epee/include
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2018-05-26 20:17:15 +0100
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2018-05-27 09:43:54 +0100
commitdfd36bbebb6f6171763281cd2431f85901584259 (patch)
tree00b9f1b32fe1015ce68313dbd6d5f203111a89a7 /contrib/epee/include
parentabstract_tcp_server2: timeout on RPC connections (diff)
downloadmonero-dfd36bbebb6f6171763281cd2431f85901584259.tar.xz
http_protocol_handler: limit the number of starting newlines
Diffstat (limited to 'contrib/epee/include')
-rw-r--r--contrib/epee/include/net/abstract_tcp_server2.inl2
-rw-r--r--contrib/epee/include/net/http_protocol_handler.h1
-rw-r--r--contrib/epee/include/net/http_protocol_handler.inl10
3 files changed, 12 insertions, 1 deletions
diff --git a/contrib/epee/include/net/abstract_tcp_server2.inl b/contrib/epee/include/net/abstract_tcp_server2.inl
index 7bbee288d..91a94c21e 100644
--- a/contrib/epee/include/net/abstract_tcp_server2.inl
+++ b/contrib/epee/include/net/abstract_tcp_server2.inl
@@ -607,7 +607,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
{
if(ec == boost::asio::error::operation_aborted)
return;
- MDEBUG("Connection timeout, closing");
+ MDEBUG(context << "connection timeout, closing");
self->close();
});
}
diff --git a/contrib/epee/include/net/http_protocol_handler.h b/contrib/epee/include/net/http_protocol_handler.h
index b4485d1cd..e602fac2b 100644
--- a/contrib/epee/include/net/http_protocol_handler.h
+++ b/contrib/epee/include/net/http_protocol_handler.h
@@ -141,6 +141,7 @@ namespace net_utils
size_t m_len_summary, m_len_remain;
config_type& m_config;
bool m_want_close;
+ size_t m_newlines;
protected:
i_service_endpoint* m_psnd_hndlr;
};
diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl
index 7aba6c1dd..f1da5067a 100644
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@@ -38,6 +38,7 @@
#define HTTP_MAX_URI_LEN 9000
#define HTTP_MAX_HEADER_LEN 100000
+#define HTTP_MAX_STARTING_NEWLINES 8
namespace epee
{
@@ -203,6 +204,7 @@ namespace net_utils
m_len_remain(0),
m_config(config),
m_want_close(false),
+ m_newlines(0),
m_psnd_hndlr(psnd_hndlr)
{
@@ -216,6 +218,7 @@ namespace net_utils
m_body_transfer_type = http_body_transfer_undefined;
m_query_info.clear();
m_len_summary = 0;
+ m_newlines = 0;
return true;
}
//--------------------------------------------------------------------------------------------
@@ -260,6 +263,13 @@ namespace net_utils
{
//some times it could be that before query line cold be few line breaks
//so we have to be calm without panic with assers
+ m_newlines += std::string::npos == ndel ? m_cache.size() : ndel;
+ if (m_newlines > HTTP_MAX_STARTING_NEWLINES)
+ {
+ LOG_ERROR("simple_http_connection_handler::handle_buff_out: Too many starting newlines");
+ m_state = http_state_error;
+ return false;
+ }
m_cache.erase(0, ndel);
break;
}