From 66d74e76b19a6586991fdada2661514143d9585b Mon Sep 17 00:00:00 2001 From: BlueWall Date: Sun, 3 Mar 2013 09:40:44 -0500 Subject: Add method to remove JsonRpc Handlers from the server --- OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs | 6 ++++++ OpenSim/Framework/Servers/HttpServer/Interfaces/IHttpServer.cs | 2 ++ 2 files changed, 8 insertions(+) (limited to 'OpenSim/Framework/Servers') diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs index 70c531c..58312ab 100644 --- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs +++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs @@ -1912,6 +1912,12 @@ namespace OpenSim.Framework.Servers.HttpServer m_rpcHandlers.Remove(method); } + public void RemoveJsonRPCHandler(string method) + { + lock(jsonRpcHandlers) + jsonRpcHandlers.Remove(method); + } + public bool RemoveLLSDHandler(string path, LLSDMethod handler) { lock (m_llsdHandlers) diff --git a/OpenSim/Framework/Servers/HttpServer/Interfaces/IHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/Interfaces/IHttpServer.cs index 71ca3ff..d162bc1 100644 --- a/OpenSim/Framework/Servers/HttpServer/Interfaces/IHttpServer.cs +++ b/OpenSim/Framework/Servers/HttpServer/Interfaces/IHttpServer.cs @@ -140,6 +140,8 @@ namespace OpenSim.Framework.Servers.HttpServer void RemoveStreamHandler(string httpMethod, string path); void RemoveXmlRPCHandler(string method); + + void RemoveJsonRPCHandler(string method); string GetHTTP404(string host); -- cgit v1.1 From 69fbcdf14c00fc882477b18af962a932db0d54ee Mon Sep 17 00:00:00 2001 From: teravus Date: Tue, 5 Mar 2013 00:04:09 -0500 Subject: * Add a Max Payload size property to the Websocket Server Handler. If you would like to restrict the maximum packet size, (and therefore protect against Memory DOSing) then you should set this. I defaulted it to 40MB. This means that in theory, a malicious user could connect and send a packet that claims that the payload is up to 40 mb (even if it doesn't actually turn out to be 40mb. More testing needs to be done on it where the packets are maliciously malformed. --- .../Servers/HttpServer/WebsocketServerHandler.cs | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'OpenSim/Framework/Servers') diff --git a/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs b/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs index bb8825b..ee96b47 100644 --- a/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs +++ b/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs @@ -108,6 +108,7 @@ namespace OpenSim.Framework.Servers.HttpServer private int _bufferLength; private bool _closing; private bool _upgraded; + private int _maxPayloadBytes = 41943040; private const string HandshakeAcceptText = "HTTP/1.1 101 Switching Protocols\r\n" + @@ -196,6 +197,15 @@ namespace OpenSim.Framework.Servers.HttpServer } /// + /// Max Payload Size in bytes. Defaults to 40MB, but could be set upon connection before calling handshake and upgrade. + /// + public int MaxPayloadSize + { + get { return _maxPayloadBytes; } + set { _maxPayloadBytes = value; } + } + + /// /// This triggers the websocket start the upgrade process /// public void HandshakeAndUpgrade() @@ -367,7 +377,12 @@ namespace OpenSim.Framework.Servers.HttpServer if (headerread) { _socketState.FrameComplete = false; - + if (pheader.PayloadLen > (ulong) _maxPayloadBytes) + { + Close("Invalid Payload size"); + + return; + } if (pheader.PayloadLen > 0) { if ((int) pheader.PayloadLen > _bufferPosition - offset) -- cgit v1.1