fixed bug with possible http server flood

2019-02-08 21:33:26 +01:00 · 2019-02-08 21:33:26 +01:00 · 257d63d2b1
commit 257d63d2b1
parent 128ce34cf5
3 changed files with 24 additions and 9 deletions
--- a/contrib/epee/include/net/http_protocol_handler.h
+++ b/contrib/epee/include/net/http_protocol_handler.h
@ -137,6 +137,7 @@ namespace net_utils
 			bool m_is_stop_handling;
 			http::http_request_info m_query_info;
 			size_t m_len_summary, m_len_remain;
+      size_t m_precommand_line_chars;
 			config_type& m_config;
 			bool m_want_close;
 		protected:
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@ -33,8 +33,9 @@
 #include "file_io_utils.h"
 #include "net_parse_helpers.h"

-#define HTTP_MAX_URI_LEN		 9000 
-#define HTTP_MAX_HEADER_LEN		 100000
+#define HTTP_MAX_URI_LEN	              	 9000 
+#define HTTP_MAX_PRE_COMMAND_LINE_CHARS		 20 
+#define HTTP_MAX_HEADER_LEN		             100000

 PUSH_WARNINGS
 DISABLE_GCC_WARNING(maybe-uninitialized)
@ -204,7 +205,8 @@ namespace net_utils
 		m_len_remain(0),
 		m_config(config), 
 		m_want_close(false),
-        m_psnd_hndlr(psnd_hndlr)
+    m_psnd_hndlr(psnd_hndlr), 
+    m_precommand_line_chars(0)
 	{

 	}
@ -217,6 +219,7 @@ namespace net_utils
 		m_body_transfer_type = http_body_transfer_undefined;
 		m_query_info.clear();
 		m_len_summary = 0;
+    m_precommand_line_chars = 0;
 		return true;
 	}
 	//--------------------------------------------------------------------------------------------
@ -257,11 +260,19 @@ namespace net_utils
 				if((m_cache[0] == '\r' || m_cache[0] == '\n'))
 				{
          //some times it could be that before query line cold be few line breaks
-          //so we have to be calm without panic with assers
+          //so we have to be calm down without panic and asserts
 					m_cache.erase(0, 1);
+
+          //fixed bug with possible '\r\n' chars flood, thanks to @anonimal (https://github.com/anonimal) for pointing this
+          ++m_precommand_line_chars;
+          if (m_precommand_line_chars > HTTP_MAX_PRE_COMMAND_LINE_CHARS)
+          {
+            LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too long URI line");
+            m_state = http_state_error;
+            return false;
+          }
 					break;
 				}
-
 				if(std::string::npos != m_cache.find('\n', 0))
 					handle_invoke_query_line();
 				else
@ -269,7 +280,7 @@ namespace net_utils
 					m_is_stop_handling = true;
 					if(m_cache.size() > HTTP_MAX_URI_LEN)
 					{
-						LOG_ERROR("simple_http_connection_handler::handle_buff_out: Too long URI line");
+						LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too long URI line");
 						m_state = http_state_error;
 						return false;
 					}
@ -297,10 +308,10 @@ namespace net_utils
 			case http_state_connection_close:
 				return false;
 			default:
-				LOG_ERROR("simple_http_connection_handler::handle_char_out: Wrong state: " << m_state);
+				LOG_ERROR("simple_http_connection_handler::handle_buff_in: Wrong state: " << m_state);
 				return false;
 			case http_state_error:
-				LOG_ERROR("simple_http_connection_handler::handle_char_out: Error state!!!");
+				LOG_ERROR("simple_http_connection_handler::handle_buff_in: Error state!!!");
 				return false;
 			}

--- a/tests/functional_tests/difficulty_analysis.cpp
+++ b/tests/functional_tests/difficulty_analysis.cpp
@ -147,13 +147,16 @@ currency::wide_difficulty_type bbr_next_difficulty_configurable(std::vector<uint
  return res.convert_to<currency::wide_difficulty_type>();
 }

+
+
 currency::wide_difficulty_type bbr_next_difficulty_composit(std::vector<uint64_t>& timestamps, std::vector<currency::wide_difficulty_type>& cumulative_difficulties, size_t target_seconds, size_t REDEF_DIFFICULTY_WINDOW, size_t REDEF_DIFFICULTY_CUT_OLD, size_t REDEF_DIFFICULTY_CUT_LAST)
 {
  sort(timestamps.begin(), timestamps.end(), std::greater<uint64_t>());
  std::vector<uint64_t> timestamps_local = timestamps;
  currency::wide_difficulty_type dif = bbr_next_difficulty_configurable(timestamps_local, cumulative_difficulties, target_seconds, REDEF_DIFFICULTY_WINDOW, REDEF_DIFFICULTY_CUT_OLD, REDEF_DIFFICULTY_CUT_LAST);
  currency::wide_difficulty_type dif2 = bbr_next_difficulty_configurable(timestamps_local, cumulative_difficulties, target_seconds, 200, 5, 5);
-  return (dif2 + dif) / 2;
+  currency::wide_difficulty_type dif3 = bbr_next_difficulty_configurable(timestamps_local, cumulative_difficulties, target_seconds, 40, 1, 1);
+  return (dif3 + dif2 + dif) / 3;
 }

 currency::wide_difficulty_type bbr_next_difficulty2(std::vector<uint64_t>& timestamps, std::vector<currency::wide_difficulty_type>& cumulative_difficulties, size_t target_seconds)