rust-websocket-lite

Add optional frame and message size limits

Open Gelbpunkt opened this issue 3 years ago • 3 comments

Right now, the maximum frame size is hardcoded (https://github.com/1tgr/rust-websocket-lite/blob/master/websocket-codec/src/frame.rs#L53) and extremely high, making maliciously long frames possible, allowing attackers to rapidly use up memory on the receiving side. The same should be possible for the entire message.

Ideally, the user should optionally be able to set a custom limit in bytes to overwrite the defaults.

Gelbpunkt, Aug 10 '21 18:08

Take a look at #205. I think it does the job; it's not merged yet as it was missing tests.

1tgr, Aug 11 '21 09:08

That should work. Maybe it should differentiate between frame size and message size to allow more fine-grained control. If you don't mind, I could pick up that PR and add tests.

Gelbpunkt, Aug 11 '21 10:08

Sounds good to me, thanks

1tgr, Aug 11 '21 13:08
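The two limits discussed in this thread, one cap on a single frame and one on a whole fragmented message, shown as an added example that is not code from rust-websocket-lite or from #205. `Guard`, `admit`, `LimitError` and the limit values are hypothetical; the check runs on the declared length in the RFC 6455 header, before any payload buffer would be reserved.

```rust
// Added example: hypothetical types, not the websocket-codec API.
#[derive(Debug, PartialEq)]
pub enum LimitError { Incomplete, FrameTooLarge, MessageTooLarge }

pub struct Guard { max_frame: u64, max_message: u64, pending: u64 }

/// Read (fin, opcode, declared payload length) from an RFC 6455 frame header.
pub fn parse_header(buf: &[u8]) -> Option<(bool, u8, u64)> {
    let (b0, b1) = (*buf.get(0)?, *buf.get(1)?);
    let len = match b1 & 0x7f {
        126 => { let b = buf.get(2..4)?; u16::from_be_bytes([b[0], b[1]]) as u64 }
        127 => { let mut b = [0u8; 8]; b.copy_from_slice(buf.get(2..10)?); u64::from_be_bytes(b) }
        n => n as u64,
    };
    Some((b0 & 0x80 != 0, b0 & 0x0f, len))
}

impl Guard {
    pub fn new(max_frame: u64, max_message: u64) -> Self {
        Guard { max_frame, max_message, pending: 0 }
    }

    /// Decide from the header alone, before any payload buffer is reserved.
    pub fn admit(&mut self, header: &[u8]) -> Result<u64, LimitError> {
        let (fin, opcode, len) = parse_header(header).ok_or(LimitError::Incomplete)?;
        if len > self.max_frame {
            return Err(LimitError::FrameTooLarge);
        }
        if opcode >= 0x8 {
            return Ok(len); // control frames never count toward a message
        }
        if opcode != 0 {
            self.pending = 0; // a text/binary opcode starts a new message
        }
        let total = self.pending.checked_add(len).ok_or(LimitError::MessageTooLarge)?;
        if total > self.max_message {
            return Err(LimitError::MessageTooLarge);
        }
        self.pending = if fin { 0 } else { total }; // FIN closes the message
        Ok(len)
    }
}

fn main() {
    let mut g = Guard::new(1024, 2048); // constructed limits
    // Constructed header: FIN + binary, 64-bit length field declaring 4 GiB.
    let huge = [0x82, 127, 0, 0, 0, 1, 0, 0, 0, 0];
    println!("{:?}", g.admit(&huge));
}
```

The message cap is what stops a sender who keeps every fragment under the frame cap but never sets FIN.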