http: Restrict maximum size of request line + headers

Prevent memory exhaustion by sending lots of data. Also add a test to `httpbasics.py`. Closes #6425
author: Wladimir J. van der Laan <laanwj@gmail.com> 2015-10-20 11:35:10 +0200
committer: Wladimir J. van der Laan <laanwj@gmail.com> 2015-10-20 14:31:40 +0200
commit: 41db8c4733b34d56834162c4d054823c240ffc92 (patch)
tree: 07b3417f8fc0ff7760be7534a6df349f951b5529 /src/httpserver.cpp
parent: da7d57fb9501ad8939a2923f2a60fa540eae8cfa (diff)
download: bitcoin-41db8c4733b34d56834162c4d054823c240ffc92.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/httpserver.cpp b/src/httpserver.cpp
index 0a7f903e9f..8698abb900 100644
--- a/src/httpserver.cpp
+++ b/src/httpserver.cpp
@@ -38,6 +38,9 @@
 #include <boost/foreach.hpp>
 #include <boost/scoped_ptr.hpp>
 
+/** Maximum size of http request (request line + headers) */
+static const size_t MAX_HEADERS_SIZE = 8192;
+
 /** HTTP request work item */
 class HTTPWorkItem : public HTTPClosure
 {
@@ -414,6 +417,7 @@ bool InitHTTPServer()
     }
 
     evhttp_set_timeout(http, GetArg("-rpcservertimeout", DEFAULT_HTTP_SERVER_TIMEOUT));
+    evhttp_set_max_headers_size(http, MAX_HEADERS_SIZE);
     evhttp_set_max_body_size(http, MAX_SIZE);
     evhttp_set_gencb(http, http_request_cb, NULL);
author	Wladimir J. van der Laan <laanwj@gmail.com>	2015-10-20 11:35:10 +0200
committer	Wladimir J. van der Laan <laanwj@gmail.com>	2015-10-20 14:31:40 +0200
commit	41db8c4733b34d56834162c4d054823c240ffc92 (patch)
tree	07b3417f8fc0ff7760be7534a6df349f951b5529 /src/httpserver.cpp
parent	da7d57fb9501ad8939a2923f2a60fa540eae8cfa (diff)
download	bitcoin-41db8c4733b34d56834162c4d054823c240ffc92.tar.xz