From 071db75f0416305d330d29ce2a8da40ef9043277 Mon Sep 17 00:00:00 2001 From: JoelKatz Date: Mon, 9 Dec 2013 00:33:42 -0800 Subject: [PATCH] Add a 1 MB payload limit to incoming websocket requests --- src/ripple_app/main/RPCHTTPServer.cpp | 3 ++- src/ripple_app/rpc/RPCServerHandler.cpp | 3 ++- src/ripple_app/websocket/WSConnection.cpp | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/ripple_app/main/RPCHTTPServer.cpp b/src/ripple_app/main/RPCHTTPServer.cpp index b2e7cdda76..8b3bbf5c51 100644 --- a/src/ripple_app/main/RPCHTTPServer.cpp +++ b/src/ripple_app/main/RPCHTTPServer.cpp @@ -178,7 +178,8 @@ public: { Json::Reader reader; - if (! reader.parse (request, jvRequest) || + if ((request.size () > 1000000) || + ! reader.parse (request, jvRequest) || jvRequest.isNull () || ! jvRequest.isObject ()) { diff --git a/src/ripple_app/rpc/RPCServerHandler.cpp b/src/ripple_app/rpc/RPCServerHandler.cpp index dec41804ab..23fcc68e03 100644 --- a/src/ripple_app/rpc/RPCServerHandler.cpp +++ b/src/ripple_app/rpc/RPCServerHandler.cpp @@ -42,7 +42,8 @@ std::string RPCServerHandler::processRequest (std::string const& request, std::s { Json::Reader reader; - if (! reader.parse (request, jvRequest) || + if ((request.size() > 1000000) || + ! reader.parse (request, jvRequest) || jvRequest.isNull () || ! jvRequest.isObject ()) { diff --git a/src/ripple_app/websocket/WSConnection.cpp b/src/ripple_app/websocket/WSConnection.cpp index 9a5144493f..a193ab5813 100644 --- a/src/ripple_app/websocket/WSConnection.cpp +++ b/src/ripple_app/websocket/WSConnection.cpp @@ -60,9 +60,9 @@ void WSConnection::rcvMessage (message_ptr msg, bool& msgRejected, bool& runQueu return; } - if (m_isDead || (m_receiveQueue.size () >= 1000)) + if ((m_receiveQueue.size () >= 1000) || (msg->get_payload().size() > 1000000)) { - msgRejected = !m_isDead; + msgRejected = true; runQueue = false; } else