commit 46fed50db1edd4e3590fc3d7bcda565907c16b7a
parent e11c589766c1fc8df0245d190213aa2d8791beb2
Author: Antoine A <>
Date: Fri, 17 Dec 2021 14:40:50 +0100
wire-gateway: reduce max paylaod size to 4kB
Diffstat:
4 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/btc-wire/src/bin/test.rs b/btc-wire/src/bin/test.rs
@@ -17,7 +17,7 @@ pub fn main() {
let test_amount = Amount::from_sat(1500);
let data_dir = default_data_dir();
// Network check
- let network = Network::Bitcoin;
+ let network = Network::Regtest;
match network {
Network::Bitcoin => {
panic!("Do not run tests on the mainnet, you are going to loose money")
diff --git a/script/test_btc_fail.sh b/script/test_btc_fail.sh
@@ -70,6 +70,8 @@ sleep 20
next_btc # Trigger watcher
sleep 20
next_btc # Mine transactions
+sleep 20
+next_btc # Mine transactions
echo " OK"
echo -n "Requesting exchange outgoing transaction list:"
diff --git a/script/test_gateway.sh b/script/test_gateway.sh
@@ -119,7 +119,7 @@ test `curl -w %{http_code} -s -o /dev/null -H "Content-Type: application/json" -
echo "----- Security -----"
# Generate big random file
-printf 'HelloWorld%s' {1..100000} > $TEMP_FILE
+printf 'HelloWorld%s' {1..1000} > $TEMP_FILE
echo -n "Handle huge body:"
test `curl -w %{http_code} -X POST -s -o /dev/null -d @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed"
@@ -128,7 +128,7 @@ echo -n "Handle body length liar:"
test `curl -w %{http_code} -X POST -H"Content-Length:1024" -s -o /dev/null -d @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed"
# Generate compression bomb
-printf 'HelloWorld%s' {1..100000} | pigz -z9 > $TEMP_FILE
+printf 'HelloWorld%s' {1..1000} | pigz -z9 > $TEMP_FILE
echo -n "Handle compression bomb:"
test `curl -w %{http_code} -X POST -H"Content-Encoding:deflate" -s -o /dev/null --data-binary @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed"
diff --git a/wire-gateway/src/json.rs b/wire-gateway/src/json.rs
@@ -1,7 +1,7 @@
use hyper::{body::HttpBody, header, http::request::Parts, Body, Response, StatusCode};
use miniz_oxide::inflate::TINFLStatus;
-const MAX_ALLOWED_RESPONSE_SIZE: u64 = 1024 * 1024; // 1MB
+const MAX_PAYLOAD_SIZE: u64 = 4 * 1024; // 4kB
#[derive(Debug, thiserror::Error)]
pub enum ParseBodyError {
@@ -23,7 +23,7 @@ pub async fn parse_body<J: serde::de::DeserializeOwned>(
body: Body,
) -> Result<J, ParseBodyError> {
// Check announced body size
- if body.size_hint().upper().unwrap_or(u64::MAX) > MAX_ALLOWED_RESPONSE_SIZE {
+ if body.size_hint().upper().unwrap_or(u64::MAX) > MAX_PAYLOAD_SIZE {
return Err(ParseBodyError::SuspiciousBody);
}
// Read body
@@ -38,7 +38,7 @@ pub async fn parse_body<J: serde::de::DeserializeOwned>(
{
let decompressed = miniz_oxide::inflate::decompress_to_vec_zlib_with_limit(
&bytes,
- MAX_ALLOWED_RESPONSE_SIZE as usize,
+ MAX_PAYLOAD_SIZE as usize,
)
.map_err(|s| match s {
TINFLStatus::HasMoreOutput => ParseBodyError::SuspiciousCompression,
