diff --git a/src/bitcoin-cli.cpp b/src/bitcoin-cli.cpp
index 3b991f9276..0609adcab3 100644
--- a/src/bitcoin-cli.cpp
+++ b/src/bitcoin-cli.cpp
@@ -126,7 +126,7 @@ Object CallRPC(const string& strMethod, const Array& params)
 // Receive HTTP reply message headers and body
 map mapHeaders;
 string strReply;
- ReadHTTPMessage(stream, mapHeaders, strReply, nProto);
+ ReadHTTPMessage(stream, mapHeaders, strReply, nProto, std::numeric_limits::max());
 if (nStatus == HTTP_UNAUTHORIZED) throw runtime_error("incorrect rpcuser or rpcpassword (authorization failed)");
diff --git a/src/rpcprotocol.cpp b/src/rpcprotocol.cpp
index 48c6c68eb1..643208b3b6 100644
--- a/src/rpcprotocol.cpp
+++ b/src/rpcprotocol.cpp
@@ -201,14 +201,14 @@ int ReadHTTPHeaders(std::basic_istream& stream, map& mapHe
 int ReadHTTPMessage(std::basic_istream& stream, map& mapHeadersRet, string& strMessageRet,
- int nProto)
+ int nProto, size_t max_size)
 {
 mapHeadersRet.clear();
 strMessageRet = "";
 // Read header
 int nLen = ReadHTTPHeaders(stream, mapHeadersRet);
- if (nLen < 0 || nLen > (int)MAX_SIZE)
+ if (nLen < 0 || (size_t)nLen > max_size)
 return HTTP_INTERNAL_SERVER_ERROR;
 // Read message
diff --git a/src/rpcprotocol.h b/src/rpcprotocol.h
index a088c379d3..8f05c08482 100644
--- a/src/rpcprotocol.h
+++ b/src/rpcprotocol.h
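Review bot: The new last argument of the `ReadHTTPMessage` call in CallRPC (bitcoin-cli.cpp), `std::numeric_limits::max()`, removes any cap on the reply size the client will accept, and nothing at the call site says that this is intentional. The length that gets checked comes from the peer's headers, and because `nLen` in ReadHTTPMessage is an `int`, the practical bound is the largest positive `int` rather than the maximum of `size_t`. I would add a comment such as `// No size cap on replies from the configured node; nLen is an int, so the effective bound is INT_MAX`, or pass a named constant if a smaller ceiling is acceptable for large RPC results. As rendered on this page the template argument of `numeric_limits` is missing, and the hunk does not show whether `<limits>` is included in this file. CallRPC starts and ends outside the hunk.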
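Review bot: The `max_size` parameter of ReadHTTPMessage (rpcprotocol.cpp) is undocumented and bounds less than its name suggests: the check runs after `ReadHTTPHeaders` has already consumed the header block, so it limits only the declared body length in `nLen`, not the header data. A comment above the check would make that explicit, for example `// max_size bounds the declared body length only; the headers were already read above`. The `(size_t)nLen` cast is correct only because `nLen < 0` is tested first in the same `||`; if the two operands were ever reordered or the first one dropped, a negative length would convert to the largest `size_t` and pass the comparison for a caller that supplies that maximum, as bitcoin-cli.cpp now does. Writing it as `static_cast<size_t>(nLen)` with a one-line note on that ordering would protect the check. The function body continues past the end of the hunk.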
@@ -153,7 +153,7 @@ bool ReadHTTPRequestLine(std::basic_istream& stream, int &proto,
 int ReadHTTPStatus(std::basic_istream& stream, int &proto);
 int ReadHTTPHeaders(std::basic_istream& stream, std::map& mapHeadersRet);
 int ReadHTTPMessage(std::basic_istream& stream, std::map& mapHeadersRet,
- std::string& strMessageRet, int nProto);
+ std::string& strMessageRet, int nProto, size_t max_size);
 std::string JSONRPCRequest(const std::string& strMethod, const json_spirit::Array& params, const json_spirit::Value& id);
 json_spirit::Object JSONRPCReplyObj(const json_spirit::Value& result, const json_spirit::Value& error, const json_spirit::Value& id);
 std::string JSONRPCReply(const json_spirit::Value& result, const json_spirit::Value& error, const json_spirit::Value& id);
diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp
index d9a664dc54..e7ed73310c 100644
--- a/src/rpcserver.cpp
+++ b/src/rpcserver.cpp
@@ -891,7 +891,7 @@ void ServiceConnection(AcceptedConnection *conn)
 break;
 // Read HTTP message headers and body
- ReadHTTPMessage(conn->stream(), mapHeaders, strRequest, nProto);
+ ReadHTTPMessage(conn->stream(), mapHeaders, strRequest, nProto, MAX_SIZE);
 // HTTP Keep-Alive is false; close connection immediately
 if (mapHeaders["connection"] == "close")
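Review bot: The return value of `ReadHTTPMessage` is still discarded in ServiceConnection (rpcserver.cpp), so a request rejected by the new `MAX_SIZE` limit is not distinguished from one that was read successfully. On that path ReadHTTPMessage returns `HTTP_INTERNAL_SERVER_ERROR` before it reads the body (visible in the rpcprotocol.cpp hunk) and leaves `strRequest` empty; presumably the unread body also stays on the stream, where a kept-alive connection could misread it as the start of the next request. I would check the result and drop the connection, for example `if (ReadHTTPMessage(conn->stream(), mapHeaders, strRequest, nProto, MAX_SIZE) == HTTP_INTERNAL_SERVER_ERROR) break;`, or send an error reply first if the surrounding loop has a helper for that. The CallRPC call in bitcoin-cli.cpp ignores the result in the same way. ServiceConnection extends beyond the hunk on both sides, so the handling after this line is not visible here.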