Limit the amount of data the server will read

Set a hard limit on 30KB that the server is willing to read, over two sequential reads. If the client sends more than 30KB combined, the server will disconnect the client.
2021-04-20 11:51:22 -05:00 · 2021-04-20 11:51:22 -05:00 · 2f69b51280
commit 2f69b51280
parent 9c3cd12202
2 changed files with 10 additions and 0 deletions
--- a/include/aoclient.h
+++ b/include/aoclient.h
@ -2049,6 +2049,11 @@ class AOClient : public QObject {
     * @param incoming_message QString to be decoded.
     */
    QString decodeMessage(QString incoming_message);
+
+    /**
+     * @brief The size, in bytes, of the last data the client sent to the server.
+     */
+    int last_read;
 };

 #endif // AOCLIENT_H
--- a/src/aoclient.cpp
+++ b/src/aoclient.cpp
@ -19,7 +19,12 @@

 void AOClient::clientData()
 {
+    if (last_read + socket->bytesAvailable() > 30720) { // Client can send a max of 30KB to the server over two sequential reads
+        socket->close();
+    }
+
    QString data = QString::fromUtf8(socket->readAll());
+    last_read = data.size();

    if (is_partial) {
        data = partial_packet + data;