Fix big control message payload

Close connection with protocol error if the payload of a control message is bigger than 125 octets. Fix Authobahn test case 2.5. https://bugzilla.gnome.org/show_bug.cgi?id=792113
author: Italo Guerrieri <guerital@amazon.it> 2017-12-28 11:30:32 +0100
committer: Ignacio Casal Quinteiro <qignacio@amazon.com> 2018-01-10 22:11:39 +0100
commit: 14c33979e7383ae52c75903cad41c623820e0947 (patch)
tree: 63e44b1d56522d0ee2cd7af840501c3b53c0b953 /libsoup
parent: 17a682e3d9fb76da46c2feb36b246ef30e4ff167 (diff)
download: libsoup-14c33979e7383ae52c75903cad41c623820e0947.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
index e9260b6a..08387e54 100644
--- a/libsoup/soup-websocket-connection.c
+++ b/libsoup/soup-websocket-connection.c
@@ -152,6 +152,8 @@ typedef enum {
 static void queue_frame (SoupWebsocketConnection *self, SoupWebsocketQueueFlags flags,
 			 gpointer data, gsize len, gsize amount);
 
+static void protocol_error_and_close (SoupWebsocketConnection *self);
+
 static void
 frame_free (gpointer data)
 {
@@ -358,11 +360,12 @@ send_message (SoupWebsocketConnection *self,
 	outer = bytes->data;
 	outer[0] = 0x80 | opcode;
 
-	/* If control message, truncate payload */
+	/* If control message, check payload size */
 	if (opcode & 0x08) {
 		if (length > 125) {
-			g_warning ("Truncating WebSocket control message payload");
-			length = 125;
+			g_warning ("WebSocket control message payload exceeds size limit");
+			protocol_error_and_close (self);
+			return;
 		}
 
 		buffered_amount = 0;
author	Italo Guerrieri <guerital@amazon.it>	2017-12-28 11:30:32 +0100
committer	Ignacio Casal Quinteiro <qignacio@amazon.com>	2018-01-10 22:11:39 +0100
commit	14c33979e7383ae52c75903cad41c623820e0947 (patch)
tree	63e44b1d56522d0ee2cd7af840501c3b53c0b953 /libsoup
parent	17a682e3d9fb76da46c2feb36b246ef30e4ff167 (diff)
download	libsoup-14c33979e7383ae52c75903cad41c623820e0947.tar.gz