add a sanity check to RPC input data size

reported by m31007

2 files changed, 12 insertions, 0 deletions

diff --git a/contrib/epee/include/net/http_protocol_handler.h b/contrib/epee/include/net/http_protocol_handler.h
index f68b2bc99..258b07e2c 100644
--- a/contrib/epee/include/net/http_protocol_handler.h
+++ b/contrib/epee/include/net/http_protocol_handler.h
@@ -55,6 +55,7 @@ namespace net_utils
 			std::string m_folder;
 			std::vector<std::string> m_access_control_origins;
 			boost::optional<login> m_user;
+			size_t m_max_content_length{std::numeric_limits<size_t>::max()};
 			critical_section m_lock;
 		};
 
@@ -141,6 +142,7 @@ namespace net_utils
 			config_type& m_config;
 			bool m_want_close;
 			size_t m_newlines;
+			size_t m_bytes_read;
 		protected:
 			i_service_endpoint* m_psnd_hndlr; 
 			t_connection_context& m_conn_context;
diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl
index df0afc5cf..f7d2074b2 100644
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@@ -206,6 +206,7 @@ namespace net_utils
 		m_config(config),
 		m_want_close(false),
 		m_newlines(0),
+		m_bytes_read(0),
 		m_psnd_hndlr(psnd_hndlr),
 		m_conn_context(conn_context)
 	{
@@ -221,6 +222,7 @@ namespace net_utils
 		m_query_info.clear();
 		m_len_summary = 0;
 		m_newlines = 0;
+		m_bytes_read = 0;
 		return true;
 	}
 	//--------------------------------------------------------------------------------------------
@@ -243,6 +245,14 @@ namespace net_utils
 
 		size_t ndel;
 
+		m_bytes_read += buf.size();
+		if (m_bytes_read > m_config.m_max_content_length)
+		{
+			LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too much data: got " << m_bytes_read);
+			m_state = http_state_error;
+			return false;
+		}
+
 		if(m_cache.size())
 			m_cache += buf;
 		else