http: Restrict maximum size of http + headers #6859
12eb669 to 3ae69de
@@ -414,6 +417,7 @@ bool InitHTTPServer() | |||
} | |||
|
|||
evhttp_set_timeout(http, GetArg("-rpcservertimeout", DEFAULT_HTTP_SERVER_TIMEOUT)); | |||
evhttp_set_max_headers_size(http, MAX_HEADERS_SIZE); |
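Review bot: the added `evhttp_set_max_headers_size(http, MAX_HEADERS_SIZE);` line has no comment saying what the limit covers, and the definition of `MAX_HEADERS_SIZE` is not visible in this hunk. A one-line comment stating that it bounds the request line plus headers, in bytes, and that the body is limited separately would help. Unlike the timeout on the line above, which is read through `GetArg("-rpcservertimeout", ...)`, this limit is a fixed constant, so the comment on the constant should say that this is intentional.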
Wait, this PR is only further restricting the headers.
Shouldn't the title be then: "http: Restrict maximum size of headers"
This should also be restricting the body size, but to something much larger.
Edit: derp it is below!
To be precise, it restricts the size of request line + headers, the first part of the request. The body is limited separately (to a much larger size). #6844 should use POST data to submit the transaction, which is not affected by this.
ut ACK - agree "http + headers" in commit msg seemed to imply http body
Prevent memory exhaustion by sending lots of data. Also add a test to `httpbasics.py`. Closes bitcoin#6425
3ae69de to 41db8c4
Updated the commit message
utACK
ACK
utACK
41db8c4 http: Restrict maximum size of request line + headers (Wladimir J. van der Laan)
HTTP Server cherries from Core:
- bitcoin/bitcoin#6719 - Make HTTP server shutdown more graceful
- bitcoin/bitcoin#6859 - http: Restrict maximum size of http + headers
- bitcoin/bitcoin#6990 - http: speed up shutdown
- bitcoin/bitcoin#7966 - http: Do a pending c++11 simplification handling work items
- bitcoin/bitcoin#8421 - httpserver: drop boost (#8023 dependency)
- bitcoin/bitcoin#11006 - Improve shutdown process
Small httpserver.cpp backports
Also includes a change to the `uiInterface.NotifyBlockTip` signal API. These remove merge conflicts from subsequent backports for `sync.h`.
Cherry-picked from the following upstream PRs:
- bitcoin/bitcoin#6859
- bitcoin/bitcoin#7112
  - Only the non-QT changes.
- bitcoin/bitcoin#7966
- bitcoin/bitcoin#8421
  - We already backported the second commit in #2555
Prevent memory exhaustion by sending lots of data.
Also add a test to `httpbasics.py`.
Closes #6425
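
The distinction drawn in the thread (one cap on request line + headers, a separate and much larger cap on the body, so POST data is unaffected by the header cap) as an added Python example; it is not code from this PR or from the project. `read_request`, `TooLarge`, both limit values and the 431/413 status codes are assumptions of the example.

```python
import io

# Assumed limits for this example; the page does not state the project's values.
MAX_HEAD = 8192       # request line + headers, bytes
MAX_BODY = 1 << 20    # body, limited separately and much larger

class TooLarge(Exception):
    def __init__(self, status):
        super().__init__(status)
        self.status = status  # status code chosen for this example

def read_request(stream, max_head=MAX_HEAD, max_body=MAX_BODY):
    """Read one request, bounding what is buffered at each stage."""
    head = b""
    while True:
        # Ask for at most the remaining budget plus one byte, so a peer that
        # never sends a newline cannot make us hold more than max_head + 1.
        line = stream.readline(max_head - len(head) + 1)
        head += line
        if len(head) > max_head:
            raise TooLarge(431)
        if not line:
            raise ValueError("stream ended before the blank line")
        if line in (b"\r\n", b"\n"):
            break
    lines = head.splitlines()[:-1]  # drop the terminating blank line
    if not lines:
        raise ValueError("empty request line")
    headers = {}
    for raw in lines[1:]:
        name, _, value = raw.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    length = int(headers.get("content-length", "0"))
    # Reject before reading any body byte; a negative length would mean "read all".
    if not 0 <= length <= max_body:
        raise TooLarge(413)
    return lines[0].decode("latin-1"), headers, stream.read(length)

if __name__ == "__main__":
    # Constructed request: small head, body larger than MAX_HEAD but under MAX_BODY.
    body = b"x" * (MAX_HEAD * 2)
    req = b"POST / HTTP/1.1\r\nContent-Length: %d\r\n\r\n" % len(body) + body
    line, hdrs, got = read_request(io.BytesIO(req))
    print(line, len(got))
```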