From 32dcce0ac191ffb8369c05afa3ad7e93c12ad62d Mon Sep 17 00:00:00 2001 From: Trent Nelson Date: Wed, 16 Sep 2020 12:50:43 -0600 Subject: [PATCH] RPC: Limit request payload size to 50kB --- core/src/rpc.rs | 2 ++ core/src/rpc_pubsub_service.rs | 3 ++- core/src/rpc_service.rs | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/core/src/rpc.rs b/core/src/rpc.rs index 3e92a3866c..e5b0a55eec 100644 --- a/core/src/rpc.rs +++ b/core/src/rpc.rs @@ -78,6 +78,8 @@ use std::{ }; use tokio::runtime; +pub const MAX_REQUEST_PAYLOAD_SIZE: usize = 50 * (1 << 10); // 50kB + fn new_response(bank: &Bank, value: T) -> RpcResponse { let context = RpcResponseContext { slot: bank.slot() }; Response { context, value } diff --git a/core/src/rpc_pubsub_service.rs b/core/src/rpc_pubsub_service.rs index 53c2fa6b66..a3fcea38a4 100644 --- a/core/src/rpc_pubsub_service.rs +++ b/core/src/rpc_pubsub_service.rs @@ -1,6 +1,7 @@ //! The `pubsub` module implements a threaded subscription service on client RPC request use crate::{ + rpc::MAX_REQUEST_PAYLOAD_SIZE, rpc_pubsub::{RpcSolPubSub, RpcSolPubSubImpl}, rpc_subscriptions::RpcSubscriptions, }; @@ -44,7 +45,7 @@ impl PubSubService { session }) .max_connections(1000) // Arbitrary, default of 100 is too low - .max_payload(10 * 1024 * 1024 + 1024) // max account size (10MB) + extra (1K) + .max_payload(MAX_REQUEST_PAYLOAD_SIZE) .start(&pubsub_addr); if let Err(e) = server { diff --git a/core/src/rpc_service.rs b/core/src/rpc_service.rs index 4443ff8b35..443be89a17 100644 --- a/core/src/rpc_service.rs +++ b/core/src/rpc_service.rs @@ -353,6 +353,7 @@ impl JsonRpcService { ])) .cors_max_age(86400) .request_middleware(request_middleware) + .max_request_body_size(MAX_REQUEST_PAYLOAD_SIZE) .start_http(&rpc_addr); if let Err(e) = server {