diff options
| author | Matthew Wild <mwild1@gmail.com> | 2020-09-17 16:42:36 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2020-09-17 16:42:36 +0100 |
| commit | 68208217aff9d76528b92777f078cff4d68324be (patch) | |
| tree | 19c5fc9db6681c8f52bec2e279b585c80c8b3e8d | |
| parent | 01f881f5002110a2728f29cd17fb48845277f9c6 (diff) | |
| download | prosody-68208217aff9d76528b92777f078cff4d68324be.tar.gz prosody-68208217aff9d76528b92777f078cff4d68324be.zip | |
mod_websocket: Enforce stanza size limit and close stream
| -rw-r--r-- | plugins/mod_websocket.lua | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 53a1d452..0bd001f4 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -285,6 +285,10 @@ function handle_request(event) local frame, length = parse_frame(frameBuffer); while frame do + if length > stanza_size_limit then + session:close({ condition = "policy-violation", text = "stanza too large" }); + return; + end frameBuffer:discard(length); local result = handle_frame(frame); if not result then return; end |