author | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-07-07 10:29:44 +0200 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-07-07 10:30:06 +0200 |
commit | ebb37a417a92f58a5b0d91397f3ceb6d00c1b0ff (patch) | |
tree | 8386d0b7736e3d0ba238760ffe04702a607ad3c8 /src | |
parent | 4851d0960313a43b754d8b652ffe194fbb52c597 (diff) | |
parent | 2ec5a3d212ac4b09e6c32d495f34ee3cdedc8c66 (diff) |
Merge pull request #4373
2ec5a3d rpc: Prevent easy memory exhaustion attack (Wladimir J. van der Laan)
Diffstat (limited to 'src')
-rw-r--r-- | src/rpcprotocol.cpp | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/rpcprotocol.cpp b/src/rpcprotocol.cpp
index dd8692e802..9e18ca847e 100644
--- a/src/rpcprotocol.cpp
+++ b/src/rpcprotocol.cpp
@@ -25,6 +25,9 @@ using namespace boost;
 using namespace boost::asio;
 using namespace json_spirit;
+// Number of bytes to allocate and read at most at once in post data
+const size_t POST_READ_SIZE = 256 * 1024;
+
 //
 // HTTP protocol
 //
@@ -204,8 +207,17 @@ int ReadHTTPMessage(std::basic_istream<char>& stream, map<string,
 // Read message
 if (nLen > 0)
 {
- vector<char> vch(nLen);
- stream.read(&vch[0], nLen);
+ vector<char> vch;
+ size_t ptr = 0;
+ while (ptr < (size_t)nLen)
+ {
+ size_t bytes_to_read = std::min((size_t)nLen - ptr, POST_READ_SIZE);
+ vch.resize(ptr + bytes_to_read);
+ stream.read(&vch[ptr], bytes_to_read);
+ if (!stream) // Connection lost while reading
+ return HTTP_INTERNAL_SERVER_ERROR;
+ ptr += bytes_to_read;
+ }
 strMessageRet = string(vch.begin(), vch.end());
 } |
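Review bot: The chunked loop in ReadHTTPMessage bounds only what is allocated before data arrives; the total still follows `nLen`, and the only guard visible in this hunk is `nLen > 0`. If nothing above the hunk caps `nLen`, a client that actually sends the bytes can still grow `vch` to the full declared length, and `string(vch.begin(), vch.end())` then holds a second full copy at peak. I would put an explicit ceiling before the loop, e.g. `if ((size_t)nLen > MAX_POST_BODY) return HTTP_INTERNAL_SERVER_ERROR;` (`MAX_POST_BODY` is a placeholder name, not an existing constant), and add a comment on `POST_READ_SIZE` saying it limits the per-step allocation, not the message size. The function starts and ends outside the hunk, so an existing bound on `nLen` may simply not be visible here.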