From 69fbcdf14c00fc882477b18af962a932db0d54ee Mon Sep 17 00:00:00 2001 From: teravus Date: Tue, 5 Mar 2013 00:04:09 -0500 Subject: * Add a Max Payload size property to the Websocket Server Handler. If you would like to restrict the maximum packet size, (and therefore protect against Memory DOSing) then you should set this. I defaulted it to 40MB. This means that in theory, a malicious user could connect and send a packet that claims that the payload is up to 40 mb (even if it doesn't actually turn out to be 40mb. More testing needs to be done on it where the packets are maliciously malformed. --- .../Servers/HttpServer/WebsocketServerHandler.cs | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs b/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs index bb8825b..ee96b47 100644 --- a/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs +++ b/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs @@ -108,6 +108,7 @@ namespace OpenSim.Framework.Servers.HttpServer private int _bufferLength; private bool _closing; private bool _upgraded; + private int _maxPayloadBytes = 41943040; private const string HandshakeAcceptText = "HTTP/1.1 101 Switching Protocols\r\n" + @@ -196,6 +197,15 @@ namespace OpenSim.Framework.Servers.HttpServer } /// + /// Max Payload Size in bytes. Defaults to 40MB, but could be set upon connection before calling handshake and upgrade. + /// + public int MaxPayloadSize + { + get { return _maxPayloadBytes; } + set { _maxPayloadBytes = value; } + } + + /// /// This triggers the websocket start the upgrade process /// public void HandshakeAndUpgrade() @@ -367,7 +377,12 @@ namespace OpenSim.Framework.Servers.HttpServer if (headerread) { _socketState.FrameComplete = false; - + if (pheader.PayloadLen > (ulong) _maxPayloadBytes) + { + Close("Invalid Payload size"); + + return; + } if (pheader.PayloadLen > 0) { if ((int) pheader.PayloadLen > _bufferPosition - offset) -- cgit v1.1