#1593 mod_websocket does not enforce frame size limits

Reporter MattJ
Owner MattJ
Stars ★ (1)
  • Status-Fixed
  • Milestone-0.11
  • Type-Defect
  • Security
  • Priority-High
  1. MattJ on

    What steps will reproduce the problem? 1. Send a websocket frame with an excessively large length value 2. Send an excessive amount of data What is the expected output? mod_websocket only expects to receive stanzas, and should reject frames over the configured stanza size limit. What do you see instead? mod_websocket buffers all received data in memory until the entire frame is received. What version of the product are you using? On what operating system? Prosody 0.11.6.

  2. MattJ on

    Fix released in 0.11.7. - https://hg.prosody.im/trunk/rev/67fb92e312f1

    • owner MattJ
    • tags Milestone-0.11
  3. MattJ on

    • tags Hidden
  4. MattJ on

    • tags Status-Fixed

New comment

Not published. Used for spam prevention and optional update notifications.