diff options
| author | Matthew Wild <mwild1@gmail.com> | 2020-09-17 16:42:36 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2020-09-17 16:42:36 +0100 |
| commit | 364146dbb1d8b8facf1bc02b336f9ce38c1b4746 (patch) | |
| tree | 19c5fc9db6681c8f52bec2e279b585c80c8b3e8d | |
| parent | 3c0924eee1130bdcec884e58cc2e04efdb54afb2 (diff) | |
| download | prosody-364146dbb1d8b8facf1bc02b336f9ce38c1b4746.tar.gz prosody-364146dbb1d8b8facf1bc02b336f9ce38c1b4746.zip | |
mod_websocket: Enforce stanza size limit and close stream
| -rw-r--r-- | plugins/mod_websocket.lua | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 53a1d452..0bd001f4 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -285,6 +285,10 @@ function handle_request(event) local frame, length = parse_frame(frameBuffer); while frame do + if length > stanza_size_limit then + session:close({ condition = "policy-violation", text = "stanza too large" }); + return; + end frameBuffer:discard(length); local result = handle_frame(frame); if not result then return; end |