From 2ec5a3d212ac4b09e6c32d495f34ee3cdedc8c66 Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan"
Date: Fri, 20 Jun 2014 15:21:30 +0200
Subject: [PATCH] rpc: Prevent easy memory exhaustion attack Allocate memory for POST message data only as bytes come in, instead of all at once at the beginning. Fixes #4343.
---
 src/rpcprotocol.cpp | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/rpcprotocol.cpp b/src/rpcprotocol.cpp
index dd8692e802..9e18ca847e 100644
--- a/src/rpcprotocol.cpp
+++ b/src/rpcprotocol.cpp
@@ -25,6 +25,9 @@ using namespace boost;
 using namespace boost::asio;
 using namespace json_spirit;
+// Number of bytes to allocate and read at most at once in post data
+const size_t POST_READ_SIZE = 256 * 1024;
+
 //
 // HTTP protocol
 //
@@ -204,8 +207,17 @@ int ReadHTTPMessage(std::basic_istream& stream, map 0) {
- vector vch(nLen);
- stream.read(&vch[0], nLen);
+ vector vch;
+ size_t ptr = 0;
+ while (ptr < (size_t)nLen)
+ {
+ size_t bytes_to_read = std::min((size_t)nLen - ptr, POST_READ_SIZE);
+ vch.resize(ptr + bytes_to_read);
+ stream.read(&vch[ptr], bytes_to_read);
+ if (!stream) // Connection lost while reading
+ return HTTP_INTERNAL_SERVER_ERROR;
+ ptr += bytes_to_read;
+ }
 strMessageRet = string(vch.begin(), vch.end());
 }
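Review bot: The closing `strMessageRet = string(vch.begin(), vch.end());` in the ReadHTTPMessage hunk still copies the whole body out of `vch`, so a client that really sends nLen bytes costs roughly twice nLen at peak; the chunked loop only removes the up-front allocation. Reading straight into the output avoids the second buffer: `strMessageRet.resize(ptr + bytes_to_read);` then `stream.read(&strMessageRet[ptr], bytes_to_read);`, dropping `vch` and the final copy, and clearing `strMessageRet` before the error return so no partial body leaks to the caller. Total growth is still driven by the client-declared length, and the hunk does not show whether nLen is capped before the loop; if it is not, an explicit maximum body size check belongs ahead of it. The body of ReadHTTPMessage starts and ends outside the hunk, so the cap may already exist above the visible lines.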