From 6ec7c5be50b48d6ce0a09aa3468f2c5725406a97 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro
Date: Wed, 21 May 2025 10:42:51 -0500
Subject: [PATCH] Add size limit for total message size

This size limit could break applications, but it will close the denial of service issue.
---
 libsoup/soup-websocket-connection.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
index 36524d04..f8764aff 100644
--- a/libsoup/soup-websocket-connection.c
+++ b/libsoup/soup-websocket-connection.c
@@ -913,6 +913,11 @@ process_contents (SoupWebsocketConnection *self,
 switch (pv->message_opcode) {
 case 0x01:
 case 0x02:
+ /* Safety valve */
+ if (pv->message_data->len + payload_len > pv->max_incoming_payload_size) {
+ too_big_error_and_close (self, (pv->message_data->len + payload_len));
+ return;
+ }
 g_byte_array_append (pv->message_data, payload, payload_len);
 break;
 default:
-- 
2.49.0
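Review bot: The added check under `case 0x02:` compares against `pv->max_incoming_payload_size` without first testing it for zero. The property's definition is outside this hunk, but if 0 means "no limit" there, any non-empty text or binary frame on a connection configured as unlimited would now hit `too_big_error_and_close`. Guarding the test keeps that configuration working: `if (pv->max_incoming_payload_size > 0 && pv->message_data->len + payload_len > pv->max_incoming_payload_size) {`. The declared types are not visible here, so it is also worth confirming that `pv->message_data->len + payload_len` cannot wrap on 32-bit builds; comparing `payload_len` with the remaining budget avoids the addition. The `/* Safety valve */` comment could say what is bounded, e.g. `/* Cap the reassembled message, not just each frame, at max_incoming_payload_size */`; the body of `process_contents` continues outside the hunk.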