mirror of
https://codeberg.org/anoncontributorxmr/monero.git
synced 2024-11-26 21:03:28 +01:00
http_protocol_handler: limit the number of starting newlines
This commit is contained in:
parent
4d15864728
commit
dfd36bbebb
@ -607,7 +607,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
|
|||||||
{
|
{
|
||||||
if(ec == boost::asio::error::operation_aborted)
|
if(ec == boost::asio::error::operation_aborted)
|
||||||
return;
|
return;
|
||||||
MDEBUG("Connection timeout, closing");
|
MDEBUG(context << "connection timeout, closing");
|
||||||
self->close();
|
self->close();
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -141,6 +141,7 @@ namespace net_utils
|
|||||||
size_t m_len_summary, m_len_remain;
|
size_t m_len_summary, m_len_remain;
|
||||||
config_type& m_config;
|
config_type& m_config;
|
||||||
bool m_want_close;
|
bool m_want_close;
|
||||||
|
size_t m_newlines;
|
||||||
protected:
|
protected:
|
||||||
i_service_endpoint* m_psnd_hndlr;
|
i_service_endpoint* m_psnd_hndlr;
|
||||||
};
|
};
|
||||||
|
@ -38,6 +38,7 @@
|
|||||||
|
|
||||||
#define HTTP_MAX_URI_LEN 9000
|
#define HTTP_MAX_URI_LEN 9000
|
||||||
#define HTTP_MAX_HEADER_LEN 100000
|
#define HTTP_MAX_HEADER_LEN 100000
|
||||||
|
#define HTTP_MAX_STARTING_NEWLINES 8
|
||||||
|
|
||||||
namespace epee
|
namespace epee
|
||||||
{
|
{
|
||||||
@ -203,6 +204,7 @@ namespace net_utils
|
|||||||
m_len_remain(0),
|
m_len_remain(0),
|
||||||
m_config(config),
|
m_config(config),
|
||||||
m_want_close(false),
|
m_want_close(false),
|
||||||
|
m_newlines(0),
|
||||||
m_psnd_hndlr(psnd_hndlr)
|
m_psnd_hndlr(psnd_hndlr)
|
||||||
{
|
{
|
||||||
|
|
||||||
@ -216,6 +218,7 @@ namespace net_utils
|
|||||||
m_body_transfer_type = http_body_transfer_undefined;
|
m_body_transfer_type = http_body_transfer_undefined;
|
||||||
m_query_info.clear();
|
m_query_info.clear();
|
||||||
m_len_summary = 0;
|
m_len_summary = 0;
|
||||||
|
m_newlines = 0;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
//--------------------------------------------------------------------------------------------
|
//--------------------------------------------------------------------------------------------
|
||||||
@ -260,6 +263,13 @@ namespace net_utils
|
|||||||
{
|
{
|
||||||
//some times it could be that before query line cold be few line breaks
|
//some times it could be that before query line cold be few line breaks
|
||||||
//so we have to be calm without panic with assers
|
//so we have to be calm without panic with assers
|
||||||
|
m_newlines += std::string::npos == ndel ? m_cache.size() : ndel;
|
||||||
|
if (m_newlines > HTTP_MAX_STARTING_NEWLINES)
|
||||||
|
{
|
||||||
|
LOG_ERROR("simple_http_connection_handler::handle_buff_out: Too many starting newlines");
|
||||||
|
m_state = http_state_error;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
m_cache.erase(0, ndel);
|
m_cache.erase(0, ndel);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user