From e7f545bae6bdf4d8d7d4753e61783b952df936fd Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Thu, 17 Sep 2020 16:42:36 +0100
Subject: mod_websocket: Enforce stanza size limit and close stream

---
 plugins/mod_websocket.lua | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index 53a1d452..0bd001f4 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -285,6 +285,10 @@ function handle_request(event)
 		local frame, length = parse_frame(frameBuffer);
 
 		while frame do
+			if length > stanza_size_limit then
+				session:close({ condition = "policy-violation", text = "stanza too large" });
+				return;
+			end
 			frameBuffer:discard(length);
 			local result = handle_frame(frame);
 			if not result then return; end
-- 
cgit v1.2.3