# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1600357356 -3600
# Node ID 67fb92e312f15c45b66b5f37d05638b345b1cfe3
# Parent  7ec7dba7ba8bf31e0be53907827efe29a76a369c
mod_websocket: Enforce stanza size limit and close stream

diff -r 7ec7dba7ba8b -r 67fb92e312f1 plugins/mod_websocket.lua
--- a/plugins/mod_websocket.lua	Thu Sep 17 16:42:14 2020 +0100
+++ b/plugins/mod_websocket.lua	Thu Sep 17 16:42:36 2020 +0100
@@ -285,6 +285,10 @@
 		local frame, length = parse_frame(frameBuffer);
 
 		while frame do
+			if length > stanza_size_limit then
+				session:close({ condition = "policy-violation", text = "stanza too large" });
+				return;
+			end
 			frameBuffer:discard(length);
 			local result = handle_frame(frame);
 			if not result then return; end