* Add a Max Payload size property to the Websocket Server Handler. If you would like to restrict the maximum packet size, (and therefore protect against Memory DOSing) then you should set this. I defaulted it to 40MB. This means that in theory, a malicious user could connect and send a packet that claims that the payload is up to 40 mb (even if it doesn't actually turn out to be 40mb. More testing needs to be done on it where the packets are maliciously malformed.

user_profiles
teravus 2013-03-05 00:04:09 -05:00
parent 7556b42d7a
commit 69fbcdf14c
1 changed files with 16 additions and 1 deletions

View File

@ -108,6 +108,7 @@ namespace OpenSim.Framework.Servers.HttpServer
private int _bufferLength; private int _bufferLength;
private bool _closing; private bool _closing;
private bool _upgraded; private bool _upgraded;
private int _maxPayloadBytes = 41943040;
private const string HandshakeAcceptText = private const string HandshakeAcceptText =
"HTTP/1.1 101 Switching Protocols\r\n" + "HTTP/1.1 101 Switching Protocols\r\n" +
@ -195,6 +196,15 @@ namespace OpenSim.Framework.Servers.HttpServer
HandshakeAndUpgrade(); HandshakeAndUpgrade();
} }
/// <summary>
/// Max Payload Size in bytes. Defaults to 40MB, but could be set upon connection before calling handshake and upgrade.
/// </summary>
public int MaxPayloadSize
{
get { return _maxPayloadBytes; }
set { _maxPayloadBytes = value; }
}
/// <summary> /// <summary>
/// This triggers the websocket start the upgrade process /// This triggers the websocket start the upgrade process
/// </summary> /// </summary>
@ -367,7 +377,12 @@ namespace OpenSim.Framework.Servers.HttpServer
if (headerread) if (headerread)
{ {
_socketState.FrameComplete = false; _socketState.FrameComplete = false;
if (pheader.PayloadLen > (ulong) _maxPayloadBytes)
{
Close("Invalid Payload size");
return;
}
if (pheader.PayloadLen > 0) if (pheader.PayloadLen > 0)
{ {
if ((int) pheader.PayloadLen > _bufferPosition - offset) if ((int) pheader.PayloadLen > _bufferPosition - offset)