diff --git a/contrib/epee/include/net/http_protocol_handler.h b/contrib/epee/include/net/http_protocol_handler.h
index 569b6128..aa4dfa9a 100644
--- a/contrib/epee/include/net/http_protocol_handler.h
+++ b/contrib/epee/include/net/http_protocol_handler.h
@@ -137,6 +137,7 @@ namespace net_utils
 bool m_is_stop_handling;
 http::http_request_info m_query_info;
 size_t m_len_summary, m_len_remain;
+ size_t m_precommand_line_chars;
 config_type& m_config;
 bool m_want_close;
 protected:
diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl
index d981cdc8..41d1384f 100644
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@@ -33,8 +33,9 @@
 #include "file_io_utils.h"
 #include "net_parse_helpers.h"
-#define HTTP_MAX_URI_LEN 9000
-#define HTTP_MAX_HEADER_LEN 100000
+#define HTTP_MAX_URI_LEN 9000
+#define HTTP_MAX_PRE_COMMAND_LINE_CHARS 20
+#define HTTP_MAX_HEADER_LEN 100000
 PUSH_WARNINGS
 DISABLE_GCC_WARNING(maybe-uninitialized)
@@ -204,7 +205,8 @@ namespace net_utils
 m_len_remain(0),
 m_config(config),
 m_want_close(false),
- m_psnd_hndlr(psnd_hndlr)
+ m_psnd_hndlr(psnd_hndlr),
+ m_precommand_line_chars(0)
 {
 }
@@ -217,6 +219,7 @@ namespace net_utils
 m_body_transfer_type = http_body_transfer_undefined;
 m_query_info.clear();
 m_len_summary = 0;
+ m_precommand_line_chars = 0;
 return true;
 }
 //--------------------------------------------------------------------------------------------
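Review bot: `HTTP_MAX_PRE_COMMAND_LINE_CHARS` in the `#define` hunk of http_protocol_handler.inl carries no comment, and its unit is easy to misread. The handler increments the counter once per erased `\r` or `\n` character, so the value 20 tolerates ten CRLF pairs rather than twenty blank lines. A one-line comment above it such as `// max stray '\r' / '\n' characters accepted before the request line, per request` would record that and make the limit easier to audit against the other two bounds.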
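Review bot: `m_precommand_line_chars(0)` is appended at the end of the constructor's initializer list, after `m_psnd_hndlr(psnd_hndlr)`, while the header hunk declares the member between `m_len_remain` and `m_config`, so the written order no longer matches the declaration order. Members are initialized in declaration order regardless, and the value is a constant, so behaviour is unaffected, but the mismatch triggers reorder warnings and hides real ordering bugs later. Either place it directly after `m_len_remain(0),` or drop it from the list and use a default member initializer in the header, `size_t m_precommand_line_chars = 0;`. The constructor's signature and the start of its initializer list are outside the hunk.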
@@ -257,11 +260,19 @@ namespace net_utils
 if((m_cache[0] == '\r' || m_cache[0] == '\n'))
 {
 //some times it could be that before query line cold be few line breaks
- //so we have to be calm without panic with assers
+ //so we have to be calm down without panic and asserts
 m_cache.erase(0, 1);
+
+ //fixed bug with possible '\r\n' chars flood, thanks to @anonimal (https://github.com/anonimal) for pointing this
+ ++m_precommand_line_chars;
+ if (m_precommand_line_chars > HTTP_MAX_PRE_COMMAND_LINE_CHARS)
+ {
+ LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too long URI line");
+ m_state = http_state_error;
+ return false;
+ }
 break;
 }
-
 if(std::string::npos != m_cache.find('\n', 0))
 handle_invoke_query_line();
 else
@@ -269,7 +280,7 @@ namespace net_utils
 m_is_stop_handling = true;
 if(m_cache.size() > HTTP_MAX_URI_LEN)
 {
- LOG_ERROR("simple_http_connection_handler::handle_buff_out: Too long URI line");
+ LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too long URI line");
 m_state = http_state_error;
 return false;
 }
@@ -297,10 +308,10 @@ namespace net_utils
 case http_state_connection_close:
 return false;
 default:
- LOG_ERROR("simple_http_connection_handler::handle_char_out: Wrong state: " << m_state);
+ LOG_ERROR("simple_http_connection_handler::handle_buff_in: Wrong state: " << m_state);
 return false;
 case http_state_error:
- LOG_ERROR("simple_http_connection_handler::handle_char_out: Error state!!!");
+ LOG_ERROR("simple_http_connection_handler::handle_buff_in: Error state!!!");
 return false;
 }
diff --git a/tests/functional_tests/difficulty_analysis.cpp b/tests/functional_tests/difficulty_analysis.cpp
index 6a11e4d4..9dfef6f2 100644
--- a/tests/functional_tests/difficulty_analysis.cpp
+++ b/tests/functional_tests/difficulty_analysis.cpp
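Review bot: The new limit branch in the first hunk of this line logs `Too long URI line`, the same text as the `HTTP_MAX_URI_LEN` check in the following hunk, so a flood of leading CR/LF characters cannot be told apart from an oversized request line in the logs. A distinct message, for example `LOG_ERROR("simple_http_connection_handler::handle_buff_in: Too many line breaks before request line");`, would let operators triage and alert on the two rejections separately. The enclosing `case` and the loop it breaks out of start and end outside the hunk.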
@@ -147,13 +147,16 @@ currency::wide_difficulty_type bbr_next_difficulty_configurable(std::vector(); } + + currency::wide_difficulty_type bbr_next_difficulty_composit(std::vector& timestamps, std::vector& cumulative_difficulties, size_t target_seconds, size_t REDEF_DIFFICULTY_WINDOW, size_t REDEF_DIFFICULTY_CUT_OLD, size_t REDEF_DIFFICULTY_CUT_LAST) { sort(timestamps.begin(), timestamps.end(), std::greater()); std::vector timestamps_local = timestamps; currency::wide_difficulty_type dif = bbr_next_difficulty_configurable(timestamps_local, cumulative_difficulties, target_seconds, REDEF_DIFFICULTY_WINDOW, REDEF_DIFFICULTY_CUT_OLD, REDEF_DIFFICULTY_CUT_LAST); currency::wide_difficulty_type dif2 = bbr_next_difficulty_configurable(timestamps_local, cumulative_difficulties, target_seconds, 200, 5, 5); - return (dif2 + dif) / 2; + currency::wide_difficulty_type dif3 = bbr_next_difficulty_configurable(timestamps_local, cumulative_difficulties, target_seconds, 40, 1, 1); + return (dif3 + dif2 + dif) / 3; } currency::wide_difficulty_type bbr_next_difficulty2(std::vector& timestamps, std::vector& cumulative_difficulties, size_t target_seconds)
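Review bot: The added `dif3` call in `bbr_next_difficulty_composit` reuses the same `timestamps_local` and `cumulative_difficulties` objects that the two earlier `bbr_next_difficulty_configurable` calls already received. The callee's body is not visible in this hunk, but if it takes the vectors by non-const reference and trims or resizes them to its window, as difficulty routines commonly do, each later call sees data already cut by the previous one and the three-way average is skewed. Giving each call fresh copies removes the dependence on call order, e.g. `auto ts3 = timestamps; auto cd3 = cumulative_difficulties;` passed to the third call, and likewise for the second. The page has lost the template arguments of the vector types, so the exact element types should be taken from the file.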