#1593 mod_websocket does not enforce frame size limits

Reporter MattJ
Owner MattJ
Created
Updated
Stars ★ (1)
Tags
  • Milestone-0.11
  • Security
  • Status-Fixed
  • Type-Defect
  • Priority-High
  1. MattJ on

    What steps will reproduce the problem? 1. Send a websocket frame with an excessively large length value 2. Send an excessive amount of data What is the expected output? mod_websocket only expects to receive stanzas, and should reject frames over the configured stanza size limit. What do you see instead? mod_websocket buffers all received data in memory until the entire frame is received. What version of the product are you using? On what operating system? Prosody 0.11.6.

  2. MattJ on

    Fix released in 0.11.7. - https://hg.prosody.im/trunk/rev/67fb92e312f1

    Changes
    • owner MattJ
    • tags Milestone-0.11
  3. MattJ on

    Changes
    • tags Hidden
  4. MattJ on

    Changes
    • tags Status-Fixed

New comment

Not published. Used for spam prevention and optional update notifications.