diff --git a/pkg/rpc/server/server.go b/pkg/rpc/server/server.go index 015d162b4..ea34bfa56 100644 --- a/pkg/rpc/server/server.go +++ b/pkg/rpc/server/server.go @@ -74,6 +74,9 @@ const ( // treated like subscriber, so technically it's a limit on websocket // connections. maxSubscribers = 64 + + // Maximum number of elements for get*transfers requests. + maxTransfersLimit = 1000 ) var rpcHandlers = map[string]func(*Server, request.Params) (interface{}, *response.Error){ @@ -453,6 +456,8 @@ func (s *Server) getVersion(_ request.Params) (interface{}, *response.Error) { func getTimestampsAndLimit(ps request.Params, index int) (uint32, uint32, int, int, error) { var start, end uint32 var limit, page int + + limit = maxTransfersLimit pStart, pEnd, pLimit, pPage := ps.Value(index), ps.Value(index+1), ps.Value(index+2), ps.Value(index+3) if pPage != nil { p, err := pPage.GetInt() @@ -472,6 +477,9 @@ func getTimestampsAndLimit(ps request.Params, index int) (uint32, uint32, int, i if l <= 0 { return 0, 0, 0, 0, errors.New("can't use negative or zero limit") } + if l > maxTransfersLimit { + return 0, 0, 0, 0, errors.New("too big limit requested") + } limit = l } if pEnd != nil {