rpc/server: limit the maximum number of elements for get*transfers

This commit is contained in:
Roman Khimov 2020-09-14 17:48:17 +03:00
parent 56d57611ca
commit 010c22e2b5

View file

@ -74,6 +74,9 @@ const (
// treated like subscriber, so technically it's a limit on websocket // treated like subscriber, so technically it's a limit on websocket
// connections. // connections.
maxSubscribers = 64 maxSubscribers = 64
// Maximum number of elements for get*transfers requests.
maxTransfersLimit = 1000
) )
var rpcHandlers = map[string]func(*Server, request.Params) (interface{}, *response.Error){ var rpcHandlers = map[string]func(*Server, request.Params) (interface{}, *response.Error){
@ -453,6 +456,8 @@ func (s *Server) getVersion(_ request.Params) (interface{}, *response.Error) {
func getTimestampsAndLimit(ps request.Params, index int) (uint32, uint32, int, int, error) { func getTimestampsAndLimit(ps request.Params, index int) (uint32, uint32, int, int, error) {
var start, end uint32 var start, end uint32
var limit, page int var limit, page int
limit = maxTransfersLimit
pStart, pEnd, pLimit, pPage := ps.Value(index), ps.Value(index+1), ps.Value(index+2), ps.Value(index+3) pStart, pEnd, pLimit, pPage := ps.Value(index), ps.Value(index+1), ps.Value(index+2), ps.Value(index+3)
if pPage != nil { if pPage != nil {
p, err := pPage.GetInt() p, err := pPage.GetInt()
@ -472,6 +477,9 @@ func getTimestampsAndLimit(ps request.Params, index int) (uint32, uint32, int, i
if l <= 0 { if l <= 0 {
return 0, 0, 0, 0, errors.New("can't use negative or zero limit") return 0, 0, 0, 0, errors.New("can't use negative or zero limit")
} }
if l > maxTransfersLimit {
return 0, 0, 0, 0, errors.New("too big limit requested")
}
limit = l limit = l
} }
if pEnd != nil { if pEnd != nil {