aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2020-09-17 16:42:36 +0100
committerMatthew Wild <mwild1@gmail.com>2020-09-17 16:42:36 +0100
commite7f545bae6bdf4d8d7d4753e61783b952df936fd (patch)
tree19c5fc9db6681c8f52bec2e279b585c80c8b3e8d
parent359de0c75de14ebc1700b07a5f414e5a1c49b413 (diff)
downloadprosody-e7f545bae6bdf4d8d7d4753e61783b952df936fd.tar.gz
prosody-e7f545bae6bdf4d8d7d4753e61783b952df936fd.zip
mod_websocket: Enforce stanza size limit and close stream
-rw-r--r--plugins/mod_websocket.lua4
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index 53a1d452..0bd001f4 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -285,6 +285,10 @@ function handle_request(event)
local frame, length = parse_frame(frameBuffer);
while frame do
+ if length > stanza_size_limit then
+ session:close({ condition = "policy-violation", text = "stanza too large" });
+ return;
+ end
frameBuffer:discard(length);
local result = handle_frame(frame);
if not result then return; end