#1593 mod_websocket does not enforce frame size limits
Reporter
MattJ
Owner
MattJ
Created
Updated
Stars
★ (1)
Tags
Status-Fixed
Milestone-0.11
Type-Defect
Security
Priority-High
MattJ
on
What steps will reproduce the problem?
1. Send a websocket frame with an excessively large length value
2. Send an excessive amount of data
What is the expected output?
mod_websocket only expects to receive stanzas, and should reject frames over the configured stanza size limit.
What do you see instead?
mod_websocket buffers all received data in memory until the entire frame is received.
What version of the product are you using? On what operating system?
Prosody 0.11.6.
What steps will reproduce the problem? 1. Send a websocket frame with an excessively large length value 2. Send an excessive amount of data What is the expected output? mod_websocket only expects to receive stanzas, and should reject frames over the configured stanza size limit. What do you see instead? mod_websocket buffers all received data in memory until the entire frame is received. What version of the product are you using? On what operating system? Prosody 0.11.6.
Fix released in 0.11.7. - https://hg.prosody.im/trunk/rev/67fb92e312f1
ChangesHidden