highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-11-11 06:28:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

http: Restrict maximum size of request line + headers

Browse Source 
Prevent memory exhaustion by sending lots of data.
Also add a test to `httpbasics.py`.

Closes #6425
This commit is contained in:
Wladimir J. van der Laan
2015-10-20 11:35:10 +02:00
parent da7d57fb95
commit 41db8c4733
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
qa/rpc-tests/httpbasics.py
View File

@@ -97,5 +97,19 @@ class HTTPBasicsTest (BitcoinTestFramework):
assert_equal('"error":null' in out1, True)
assert_equal(conn.sock!=None, True) #connection must be closed because bitcoind should use keep-alive by default
# Check excessive request size
conn = httplib.HTTPConnection(urlNode2.hostname, urlNode2.port)
conn.connect()
conn.request('GET', '/' + ('x'*1000), '', headers)
out1 = conn.getresponse()
assert_equal(out1.status, httplib.NOT_FOUND)
conn = httplib.HTTPConnection(urlNode2.hostname, urlNode2.port)
conn.connect()
conn.request('GET', '/' + ('x'*10000), '', headers)
out1 = conn.getresponse()
assert_equal(out1.status, httplib.BAD_REQUEST)
if __name__ == '__main__':
HTTPBasicsTest ().main ()