Merge pull request #2355 from CortexFoundation/dev

ucwong · web-flow · commit fd55f85d0108 · 2025-05-19T15:08:59.000+01:00
rpc: add method name length limit
diff --git a/rpc/handler.go b/rpc/handler.go
@@ -449,6 +449,10 @@ func (h *handler) handleCall(cp *callProc, msg *jsonrpcMessage) *jsonrpcMessage
 	if msg.isUnsubscribe() {
 		callb = h.unsubscribeCb
 	} else {
+		// Check method name length
+		if len(msg.Method) > maxMethodNameLength {
+			return msg.errorResponse(&invalidRequestError{fmt.Sprintf("method name too long: %d > %d", len(msg.Method), maxMethodNameLength)})
+		}
 		callb = h.reg.callback(msg.Method)
 	}
 	if callb == nil {
@@ -482,6 +486,11 @@ func (h *handler) handleSubscribe(cp *callProc, msg *jsonrpcMessage) *jsonrpcMes
 		return msg.errorResponse(ErrNotificationsUnsupported)
 	}
 
+	// Check method name length
+	if len(msg.Method) > maxMethodNameLength {
+		return msg.errorResponse(&invalidRequestError{fmt.Sprintf("subscription name too long: %d > %d", len(msg.Method), maxMethodNameLength)})
+	}
+
 	// Subscription method name is first argument.
 	name, err := parseSubscriptionName(msg.Params)
 	if err != nil {
diff --git a/rpc/json.go b/rpc/json.go
@@ -35,6 +35,7 @@ const (
 	subscribeMethodSuffix    = "_subscribe"
 	unsubscribeMethodSuffix  = "_unsubscribe"
 	notificationMethodSuffix = "_subscription"
+	maxMethodNameLength      = 2048
 
 	defaultWriteTimeout = 10 * time.Second // used if context has no deadline
 )

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@ const (`
`35`	`35`	`subscribeMethodSuffix = "_subscribe"`
`36`	`36`	`unsubscribeMethodSuffix = "_unsubscribe"`
`37`	`37`	`notificationMethodSuffix = "_subscription"`
	`38`	`+ maxMethodNameLength = 2048`
`38`	`39`
`39`	`40`	`defaultWriteTimeout = 10 * time.Second // used if context has no deadline`
`40`	`41`	`)`