From b701d04ac9e97c05c583230cd4956f9569b51e9a Mon Sep 17 00:00:00 2001
From: Jim Posen <jim.posen@gmail.com>
Date: Sun, 22 Jul 2018 11:24:30 -0700
Subject: [PATCH] Enforce limit on header range length in light client logs
 request.

---
 rpc/src/v1/helpers/errors.rs      |  8 ++++++++
 rpc/src/v1/helpers/light_fetch.rs | 13 +++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/rpc/src/v1/helpers/errors.rs b/rpc/src/v1/helpers/errors.rs
index 4afd40ff843..33575fcf1f4 100644
--- a/rpc/src/v1/helpers/errors.rs
+++ b/rpc/src/v1/helpers/errors.rs
@@ -101,6 +101,14 @@ pub fn request_rejected_limit() -> Error {
 	}
 }
 
+pub fn request_rejected_param_limit(limit: u64, items_desc: &str) -> Error {
+	Error {
+		code: ErrorCode::ServerError(codes::REQUEST_REJECTED_LIMIT),
+		message: format!("Requested data size exceeds limit of {} {}.", limit, items_desc),
+		data: None,
+	}
+}
+
 pub fn account<T: fmt::Debug>(error: &str, details: T) -> Error {
 	Error {
 		code: ErrorCode::ServerError(codes::ACCOUNT_ERROR),
diff --git a/rpc/src/v1/helpers/light_fetch.rs b/rpc/src/v1/helpers/light_fetch.rs
index 5461160ac3e..1ea782fb076 100644
--- a/rpc/src/v1/helpers/light_fetch.rs
+++ b/rpc/src/v1/helpers/light_fetch.rs
@@ -314,8 +314,10 @@ impl LightFetch {
 		use std::collections::BTreeMap;
 		use jsonrpc_core::futures::stream::{self, Stream};
 
+		const MAX_BLOCK_RANGE: u64 = 1000;
+
 		let fetcher: Self = self.clone();
-		self.headers_range_by_block_id(filter.from_block, filter.to_block)
+		self.headers_range_by_block_id(filter.from_block, filter.to_block, MAX_BLOCK_RANGE)
 			.and_then(move |mut headers| {
 				if headers.is_empty() {
 					return Either::A(future::ok(Vec::new()));
@@ -451,7 +453,12 @@ impl LightFetch {
 		}
 	}
 
-	fn headers_range_by_block_id(&self, from_block: BlockId, to_block: BlockId) -> impl Future<Item = Vec<encoded::Header>, Error = Error> {
+	fn headers_range_by_block_id(
+		&self,
+		from_block: BlockId,
+		to_block: BlockId,
+		max: u64
+	) -> impl Future<Item = Vec<encoded::Header>, Error = Error> {
 		let fetch_hashes = [from_block, to_block].iter()
 			.filter_map(|block_id| match block_id {
 				BlockId::Hash(hash) => Some(hash.clone()),
@@ -478,6 +485,8 @@ impl LightFetch {
 			if to_block_num < from_block_num {
 				// early exit for "to" block before "from" block.
 				return Either::A(future::err(errors::filter_block_not_found(to_block)));
+			} else if to_block_num - from_block_num >= max {
+				return Either::A(future::err(errors::request_rejected_param_limit(max, "blocks")));
 			}
 
 			let to_header_hint = match to_block {