add a sanity check to RPC input data size

reported by m31007

2 files changed, 3 insertions, 0 deletions

diff --git a/src/cryptonote_config.h b/src/cryptonote_config.h
index 88316fd6a..84c5adcfe 100644
--- a/src/cryptonote_config.h
+++ b/src/cryptonote_config.h
@@ -126,6 +126,7 @@
 
 #define COMMAND_RPC_GET_BLOCKS_FAST_MAX_BLOCK_COUNT     1000
 #define COMMAND_RPC_GET_BLOCKS_FAST_MAX_TX_COUNT        20000
+#define MAX_RPC_CONTENT_LENGTH                          1048576 // 1 MB
 
 #define P2P_LOCAL_WHITE_PEERLIST_LIMIT                  1000
 #define P2P_LOCAL_GRAY_PEERLIST_LIMIT                   5000
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index bbcfa6168..869040657 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -365,6 +365,8 @@ namespace cryptonote
       std::move(rpc_config->access_control_origins), std::move(http_login), std::move(rpc_config->ssl_options)
     );
 
+    m_net_server.get_config_object().m_max_content_length = MAX_RPC_CONTENT_LENGTH;
+
     if (store_ssl_key && inited)
     {
       // new keys were generated, store for next run