Google Git
Sign in
fuchsia / third_party / golang / net / 6dba816f1056709e29a1c442883cab1336d3c083
commit6dba816f1056709e29a1c442883cab1336d3c083[log] [tgz]
authorArtyom Pervukhin <artyom.pervukhin@gmail.com>Tue May 31 21:11:20 2016 +0300
committerBrad Fitzpatrick <bradfitz@golang.org>Wed Oct 12 14:08:20 2016 +0000
treef27faabfad568255701ab6624072e15a45c51dbe
parentcf4effbb9db1f3ef07f7e1891402991b6afbb276 [diff]
websocket: limit incoming payload size

Codec's Receive method calls io.ReadAll of the whole frame payload,
which can be abused by user sending large payloads in order to exhaust
server memory.

Introduce limit on received payload size defined by
Conn.MaxPayloadBytes. If payload size of the message read with
Codec.Receive exceeds limit, ErrFrameTooLarge error is returned; the
connection can still be recovered if required: the next call to Receive
would at first discard leftovers of previous oversized message before
processing the next one.

Fixes golang/go#5082.

Change-Id: Ib04acd7038474fee39a1719324daaec1c0c496b1
Reviewed-on: https://go-review.googlesource.com/23590
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2 files changed
tree: f27faabfad568255701ab6624072e15a45c51dbe
  1. bpf/
  2. context/
  3. dict/
  4. html/
  5. http2/
  6. icmp/
  7. idna/
  8. internal/
  9. ipv4/
  10. ipv6/
  11. lex/
  12. lif/
  13. netutil/
  14. proxy/
  15. publicsuffix/
  16. route/
  17. trace/
  18. webdav/
  19. websocket/
  20. xsrftoken/
  21. .gitattributes
  22. .gitignore
  23. AUTHORS
  24. codereview.cfg
  25. CONTRIBUTING.md
  26. CONTRIBUTORS
  27. LICENSE
  28. PATENTS
  29. README