diff options
author | Matthew Wild <mwild1@gmail.com> | 2020-09-17 16:42:36 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2020-09-17 16:42:36 +0100 |
commit | e7f545bae6bdf4d8d7d4753e61783b952df936fd (patch) | |
tree | 19c5fc9db6681c8f52bec2e279b585c80c8b3e8d | |
parent | 359de0c75de14ebc1700b07a5f414e5a1c49b413 (diff) | |
download | prosody-e7f545bae6bdf4d8d7d4753e61783b952df936fd.tar.gz prosody-e7f545bae6bdf4d8d7d4753e61783b952df936fd.zip |
mod_websocket: Enforce stanza size limit and close stream
-rw-r--r-- | plugins/mod_websocket.lua | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 53a1d452..0bd001f4 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -285,6 +285,10 @@ function handle_request(event) local frame, length = parse_frame(frameBuffer); while frame do + if length > stanza_size_limit then + session:close({ condition = "policy-violation", text = "stanza too large" }); + return; + end frameBuffer:discard(length); local result = handle_frame(frame); if not result then return; end |