Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http: Restrict maximum size of http + headers #6859

Merged
merged 1 commit into from Oct 21, 2015

Conversation

@laanwj
Copy link
Member

laanwj commented Oct 20, 2015

Prevent memory exhaustion by sending lots of data.
Also add a test to httpbasics.py.

Closes #6425

@laanwj laanwj added the RPC/REST/ZMQ label Oct 20, 2015
@laanwj laanwj force-pushed the laanwj:2015_10_max_http_headers branch Oct 20, 2015
@dcousens
Copy link
Contributor

dcousens commented Oct 20, 2015

Will this restrict #6844 such that transactions greater than 8kB will be restricted?

@@ -414,6 +417,7 @@ bool InitHTTPServer()
}

evhttp_set_timeout(http, GetArg("-rpcservertimeout", DEFAULT_HTTP_SERVER_TIMEOUT));
evhttp_set_max_headers_size(http, MAX_HEADERS_SIZE);

This comment has been minimized.

Copy link
@dcousens

dcousens Oct 20, 2015

Contributor

Wait, this PR is only further restricting the headers.
Shouldn't the title be then: "http: Restrict maximum size of headers"

This comment has been minimized.

Copy link
@pstratem

pstratem Oct 21, 2015

Contributor

This should also be restricting the body size, but to something much larger.

Edit: derp it is below!

@laanwj
Copy link
Member Author

laanwj commented Oct 20, 2015

To be precise, it restricts the size of request line + headers, the first part of the request. The body is limited separately (to a much larger size).

#6844 should use POST data to submit the transaction, which is not affected by this.

@jgarzik
Copy link
Contributor

jgarzik commented Oct 20, 2015

ut ACK - agree "http + headers" in commit msg seemed to imply http body

Prevent memory exhaustion by sending lots of data.
Also add a test to `httpbasics.py`.

Closes #6425
@laanwj laanwj force-pushed the laanwj:2015_10_max_http_headers branch to 41db8c4 Oct 20, 2015
@laanwj
Copy link
Member Author

laanwj commented Oct 20, 2015

Updated the ocmmit message

@sipa
Copy link
Member

sipa commented Oct 20, 2015

@dcousens
Copy link
Contributor

dcousens commented Oct 21, 2015

ACK

@pstratem
Copy link
Contributor

pstratem commented Oct 21, 2015

utACK

@laanwj laanwj merged commit 41db8c4 into bitcoin:master Oct 21, 2015
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
laanwj added a commit that referenced this pull request Oct 21, 2015
41db8c4 http: Restrict maximum size of request line + headers (Wladimir J. van der Laan)
sickpig added a commit to sickpig/BitcoinUnlimited that referenced this pull request Mar 12, 2018
HTTP Server cherries from Core:

bitcoin/bitcoin#6719 - Make HTTP server shutdown more graceful
bitcoin/bitcoin#6859 - http: Restrict maximum size of http + headers
bitcoin/bitcoin#6990 - http: speed up shutdown
bitcoin/bitcoin#7966 - http: Do a pending c++11 simplification handling work items
bitcoin/bitcoin#8421 - httpserver: drop boost (#8023 dependency)
bitcoin/bitcoin#11006 - Improve shutdown process
marlengit added a commit to marlengit/BitcoinUnlimited that referenced this pull request Sep 25, 2018
HTTP Server cherries from Core:

bitcoin/bitcoin#6719 - Make HTTP server shutdown more graceful
bitcoin/bitcoin#6859 - http: Restrict maximum size of http + headers
bitcoin/bitcoin#6990 - http: speed up shutdown
bitcoin/bitcoin#7966 - http: Do a pending c++11 simplification handling work items
bitcoin/bitcoin#8421 - httpserver: drop boost (#8023 dependency)
bitcoin/bitcoin#11006 - Improve shutdown process
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants
You can’t perform that action at this time.