Skip to content

Commit 2ec5a3d

Browse files
committed
rpc: Prevent easy memory exhaustion attack
Allocate memory for POST message data only as bytes come in, instead of all at once at the beginning. Fixes #4343.
1 parent e81e2e8 commit 2ec5a3d

File tree

1 file changed

+14
-2
lines changed

1 file changed

+14
-2
lines changed

src/rpcprotocol.cpp

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,9 @@ using namespace boost;
2525
using namespace boost::asio;
2626
using namespace json_spirit;
2727

28+
// Number of bytes to allocate and read at most at once in post data
29+
const size_t POST_READ_SIZE = 256 * 1024;
30+
2831
//
2932
// HTTP protocol
3033
//
@@ -204,8 +207,17 @@ int ReadHTTPMessage(std::basic_istream<char>& stream, map<string,
204207
// Read message
205208
if (nLen > 0)
206209
{
207-
vector<char> vch(nLen);
208-
stream.read(&vch[0], nLen);
210+
vector<char> vch;
211+
size_t ptr = 0;
212+
while (ptr < (size_t)nLen)
213+
{
214+
size_t bytes_to_read = std::min((size_t)nLen - ptr, POST_READ_SIZE);
215+
vch.resize(ptr + bytes_to_read);
216+
stream.read(&vch[ptr], bytes_to_read);
217+
if (!stream) // Connection lost while reading
218+
return HTTP_INTERNAL_SERVER_ERROR;
219+
ptr += bytes_to_read;
220+
}
209221
strMessageRet = string(vch.begin(), vch.end());
210222
}
211223

0 commit comments

Comments
 (0)