From d511f6e5a9502f49c8941e1da959e64a263497ab Mon Sep 17 00:00:00 2001
From: Anna Shaleva
Date: Thu, 23 Nov 2023 13:39:24 +0300
Subject: [PATCH] confi: add MaxRequestHeaderBytes RPC configuration option
A part of #3131, follow the notion of https://github.com/neo-project/neo-modules/pull/827, but don't restrict request line size due to https://github.com/golang/go/issues/15494.
Signed-off-by: Anna Shaleva
---
 docs/node-configuration.md | 3 +++
 pkg/config/config.go | 4 ++++
 pkg/config/rpc_config.go | 1 +
 pkg/services/rpcsrv/server.go | 45 ++++++++++++++++++++---------------
 4 files changed, 34 insertions(+), 19 deletions(-)
diff --git a/docs/node-configuration.md b/docs/node-configuration.md
index 3648108fd..1c14bc76a 100644
--- a/docs/node-configuration.md
+++ b/docs/node-configuration.md
@@ -188,6 +188,7 @@ RPC:
 MaxFindStoragePageSize: 50
 MaxNEP11Tokens: 100
 MaxRequestBodyBytes: 5242880
+ MaxRequestHeaderBytes: 1048576
 MaxWebSocketClients: 64
 SessionEnabled: false
 SessionExpirationTime: 15
@@ -228,6 +229,8 @@ where:
 `getnep11balances` call.
 - `MaxRequestBodyBytes` - the maximum allowed HTTP request body size in bytes (5MB by default).
+- `MaxRequestHeaderBytes` - the maximum allowed HTTP request header size in bytes
+ (1MB by default).
 - `MaxWebSocketClients` - the maximum simultaneous websocket client connection number (64 by default). Attempts to establish additional connections will lead to websocket handshake failures. Use "-1" to disable websocket
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 4faf31a98..cd2c157c3 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -3,6 +3,7 @@ package config
 import (
 "bytes"
 "fmt"
+ "net/http"
 "os"
 "time"
@@ -33,6 +34,9 @@ const (
 // DefaultMaxRequestBodyBytes is the default maximum allowed size of HTTP
 // request body in bytes.
 DefaultMaxRequestBodyBytes = 5 * 1024 * 1024
+ // DefaultMaxRequestHeaderBytes is the maximum permitted size of the headers
+ // in an HTTP request.
+ DefaultMaxRequestHeaderBytes = http.DefaultMaxHeaderBytes
 )
 // Version is the version of the node, set at the build time.
diff --git a/pkg/config/rpc_config.go b/pkg/config/rpc_config.go
index b0c62bf3a..c9b0a1630 100644
--- a/pkg/config/rpc_config.go
+++ b/pkg/config/rpc_config.go
@@ -17,6 +17,7 @@ type (
 MaxFindStorageResultItems int `yaml:"MaxFindStoragePageSize"`
 MaxNEP11Tokens int `yaml:"MaxNEP11Tokens"`
 MaxRequestBodyBytes int `yaml:"MaxRequestBodyBytes"`
+ MaxRequestHeaderBytes int `yaml:"MaxRequestHeaderBytes"`
 MaxWebSocketClients int `yaml:"MaxWebSocketClients"`
 SessionEnabled bool `yaml:"SessionEnabled"`
 SessionExpirationTime int `yaml:"SessionExpirationTime"`
diff --git a/pkg/services/rpcsrv/server.go b/pkg/services/rpcsrv/server.go
index 2ec692cb6..6e7a6ff55 100644
--- a/pkg/services/rpcsrv/server.go
+++ b/pkg/services/rpcsrv/server.go
@@ -267,25 +267,6 @@ var rpcWsHandlers = map[string]func(*Server, params.Params, *subscriber) (any, *
 // untyped nil or non-nil structure implementing OracleHandler interface.
 func New(chain Ledger, conf config.RPC, coreServer *network.Server,
 orc OracleHandler, log *zap.Logger, errChan chan<- error) Server {
- addrs := conf.Addresses
- httpServers := make([]*http.Server, len(addrs))
- for i, addr := range addrs {
- httpServers[i] = &http.Server{
- Addr: addr,
- }
- }
-
- var tlsServers []*http.Server
- if cfg := conf.TLSConfig; cfg.Enabled {
- addrs := cfg.Addresses
- tlsServers = make([]*http.Server, len(addrs))
- for i, addr := range addrs {
- tlsServers[i] = &http.Server{
- Addr: addr,
- }
- }
- }
-
 protoCfg := chain.GetConfig().ProtocolConfiguration
 if conf.SessionEnabled {
 if conf.SessionExpirationTime <= 0 {
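Review bot: The doc comment added for `DefaultMaxRequestHeaderBytes` in pkg/config/config.go calls it "the maximum permitted size of the headers", but the constant is only the default, and net/http documents `MaxHeaderBytes` as counting the request line together with the header keys and values. An operator tuning this limit needs that scope stated, so I would write `// DefaultMaxRequestHeaderBytes is the default limit, in bytes, on the request line` followed by `// and headers the RPC HTTP server reads per request (see http.Server.MaxHeaderBytes).` The `const (` block opens above the hunk.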
@@ -317,6 +298,10 @@ func New(chain Ledger, conf config.RPC, coreServer *network.Server,
 conf.MaxRequestBodyBytes = config.DefaultMaxRequestBodyBytes
 log.Info("MaxRequestBodyBytes is not set or wong, setting default value", zap.Int("MaxRequestBodyBytes", config.DefaultMaxRequestBodyBytes))
 }
+ if conf.MaxRequestHeaderBytes <= 0 {
+ conf.MaxRequestHeaderBytes = config.DefaultMaxRequestHeaderBytes
+ log.Info("MaxRequestHeaderBytes is not set or wong, setting default value", zap.Int("MaxRequestHeaderBytes", config.DefaultMaxRequestHeaderBytes))
+ }
 if conf.MaxWebSocketClients == 0 {
 conf.MaxWebSocketClients = defaultMaxWebSocketClients
 log.Info("MaxWebSocketClients is not set or wrong, setting default value", zap.Int("MaxWebSocketClients", defaultMaxWebSocketClients))
@@ -329,6 +314,28 @@ func New(chain Ledger, conf config.RPC, coreServer *network.Server,
 if conf.EnableCORSWorkaround {
 wsOriginChecker = func(_ *http.Request) bool { return true }
 }
+
+ addrs := conf.Addresses
+ httpServers := make([]*http.Server, len(addrs))
+ for i, addr := range addrs {
+ httpServers[i] = &http.Server{
+ Addr: addr,
+ MaxHeaderBytes: conf.MaxRequestHeaderBytes,
+ }
+ }
+
+ var tlsServers []*http.Server
+ if cfg := conf.TLSConfig; cfg.Enabled {
+ addrs := cfg.Addresses
+ tlsServers = make([]*http.Server, len(addrs))
+ for i, addr := range addrs {
+ tlsServers[i] = &http.Server{
+ Addr: addr,
+ MaxHeaderBytes: conf.MaxRequestHeaderBytes,
+ }
+ }
+ }
+
 return Server{
 http: httpServers,
 https: tlsServers,
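Review bot: The log message added in the `MaxRequestHeaderBytes` branch repeats the `wong` typo from the `MaxRequestBodyBytes` line just above it, while the `MaxWebSocketClients` message below already reads `wrong`. Suggested line: `log.Info("MaxRequestHeaderBytes is not set or wrong, setting default value", zap.Int("MaxRequestHeaderBytes", config.DefaultMaxRequestHeaderBytes))`. The `<= 0` check also catches negative values, which are an operator mistake rather than an omission, so logging that case with `log.Warn` would make a misconfigured limit easier to spot in node logs. `New` begins and ends outside this hunk.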
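Review bot: Both `http.Server` literals added in the last hunk set only `Addr` and `MaxHeaderBytes`, so the new limit bounds how much header data a client may send but not how long it may take to send it. A connection that delivers its header very slowly is still held open unless a read timeout is applied elsewhere, which this hunk does not show. Consider setting `ReadHeaderTimeout` beside `MaxHeaderBytes` in both loops, e.g. `ReadHeaderTimeout: readHeaderTimeout,`, where `readHeaderTimeout` is a placeholder for a duration or config option the project chooses. The two loops build the same struct apart from the address list, so a small helper taking `addrs` would keep the plain and TLS listeners from drifting apart; `New` starts and ends outside the hunk.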