Limit maximal size of allowed fragment.

tomusdrw · tomusdrw · commit 63f245ed4fb9 · 2019-01-11T15:34:11.000+01:00
diff --git a/src/connection.rs b/src/connection.rs
@@ -714,7 +714,8 @@ where
     }
 
     fn read_frames(&mut self) -> Result<()> {
-        while let Some(mut frame) = Frame::parse(&mut self.in_buffer)? {
+        let max_size = self.settings.max_fragment_size as u64;
+        while let Some(mut frame) = Frame::parse(&mut self.in_buffer, max_size)? {
             match self.state {
                 // Ignore data received after receiving close frame
                 RespondingClose | FinishedClose => continue,
diff --git a/src/frame.rs b/src/frame.rs
@@ -244,7 +244,7 @@ impl Frame {
     }
 
     /// Parse the input stream into a frame.
-    pub fn parse(cursor: &mut Cursor<Vec<u8>>) -> Result<Option<Frame>> {
+    pub fn parse(cursor: &mut Cursor<Vec<u8>>, max_payload_length: u64) -> Result<Option<Frame>> {
         let size = cursor.get_ref().len() as u64 - cursor.position();
         let initial = cursor.position();
         trace!("Position in buffer {}", initial);
@@ -299,6 +299,16 @@ impl Frame {
         }
         trace!("Payload length: {}", length);
 
+        if length > max_payload_length {
+            return Err(Error::new(
+                Kind::Protocol,
+                format!(
+                    "Rejected frame with payload length exceeding defined max: {}.",
+                    max_payload_length
+                ),
+            ));
+        }
+
         let mask = if masked {
             let mut mask_bytes = [0u8; 4];
             if cursor.read(&mut mask_bytes)? != 4 {
diff --git a/src/lib.rs b/src/lib.rs
@@ -158,6 +158,9 @@ pub struct Settings {
     /// The maximum length of outgoing frames. Messages longer than this will be fragmented.
     /// Default: 65,535
     pub fragment_size: usize,
+    /// The maximum length of acceptable incoming frames. Messages longer than this will be rejected.
+    /// Default: unlimited
+    pub max_fragment_size: usize,
     /// The size of the incoming buffer. A larger buffer uses more memory but will allow for fewer
     /// reallocations.
     /// Default: 2048
@@ -245,6 +248,7 @@ impl Default for Settings {
             fragments_capacity: 10,
             fragments_grow: true,
             fragment_size: u16::max_value() as usize,
+            max_fragment_size: usize::max_value(),
             in_buffer_capacity: 2048,
             in_buffer_grow: true,
             out_buffer_capacity: 2048,

Original file line number	Diff line number	Diff line change
`@@ -714,7 +714,8 @@ where`
`714`	`714`	`}`
`715`	`715`
`716`	`716`	`fn read_frames(&mut self) -> Result<()> {`
`717`		`- while let Some(mut frame) = Frame::parse(&mut self.in_buffer)? {`
	`717`	`+ let max_size = self.settings.max_fragment_size as u64;`
	`718`	`+ while let Some(mut frame) = Frame::parse(&mut self.in_buffer, max_size)? {`
`718`	`719`	`match self.state {`
`719`	`720`	`// Ignore data received after receiving close frame`
`720`	`721`	`RespondingClose \| FinishedClose => continue,`