aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_websocket.lua
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2020-09-17 16:42:36 +0100
committerMatthew Wild <mwild1@gmail.com>2020-09-17 16:42:36 +0100
commit364146dbb1d8b8facf1bc02b336f9ce38c1b4746 (patch)
tree19c5fc9db6681c8f52bec2e279b585c80c8b3e8d /plugins/mod_websocket.lua
parent3c0924eee1130bdcec884e58cc2e04efdb54afb2 (diff)
downloadprosody-364146dbb1d8b8facf1bc02b336f9ce38c1b4746.tar.gz
prosody-364146dbb1d8b8facf1bc02b336f9ce38c1b4746.zip
mod_websocket: Enforce stanza size limit and close stream
Diffstat (limited to 'plugins/mod_websocket.lua')
-rw-r--r--plugins/mod_websocket.lua4
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index 53a1d452..0bd001f4 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -285,6 +285,10 @@ function handle_request(event)
local frame, length = parse_frame(frameBuffer);
while frame do
+ if length > stanza_size_limit then
+ session:close({ condition = "policy-violation", text = "stanza too large" });
+ return;
+ end
frameBuffer:discard(length);
local result = handle_frame(frame);
if not result then return; end