Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_websocket: Enforce stanza size limit and close stream 0.11
authorMatthew Wild <mwild1@gmail.com>
Thu, 17 Sep 2020 16:42:36 +0100
branch0.11
changeset 11114 67fb92e312f1
parent 11113 7ec7dba7ba8b
child 11115 55d8612ac357
mod_websocket: Enforce stanza size limit and close stream
plugins/mod_websocket.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_websocket.lua	Thu Sep 17 16:42:14 2020 +0100
+++ b/plugins/mod_websocket.lua	Thu Sep 17 16:42:36 2020 +0100
@@ -285,6 +285,10 @@
 		local frame, length = parse_frame(frameBuffer);
 
 		while frame do
+			if length > stanza_size_limit then
+				session:close({ condition = "policy-violation", text = "stanza too large" });
+				return;
+			end
 			frameBuffer:discard(length);
 			local result = handle_frame(frame);
 			if not result then return; end
prosody