Software / code / prosody
Changeset
11110:67fb92e312f1 0.11
mod_websocket: Enforce stanza size limit and close stream
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 17 Sep 2020 16:42:36 +0100 |
| parents | 11109:7ec7dba7ba8b |
| children | 11111:55d8612ac357 |
| files | plugins/mod_websocket.lua |
| diffstat | 1 files changed, 4 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_websocket.lua Thu Sep 17 16:42:14 2020 +0100 +++ b/plugins/mod_websocket.lua Thu Sep 17 16:42:36 2020 +0100 @@ -285,6 +285,10 @@ local frame, length = parse_frame(frameBuffer); while frame do + if length > stanza_size_limit then + session:close({ condition = "policy-violation", text = "stanza too large" }); + return; + end frameBuffer:discard(length); local result = handle_frame(frame); if not result then return; end
