1 files changed, 4 insertions, 0 deletions

diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index 53a1d452..0bd001f4 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -285,6 +285,10 @@ function handle_request(event)
 		local frame, length = parse_frame(frameBuffer);
 
 		while frame do
+			if length > stanza_size_limit then
+				session:close({ condition = "policy-violation", text = "stanza too large" });
+				return;
+			end
 			frameBuffer:discard(length);
 			local result = handle_frame(frame);
 			if not result then return; end