From 538717cfc9b88b80495004a64674e926659491fa Mon Sep 17 00:00:00 2001
From: hippoz <10706925-hippoz@users.noreply.gitlab.com>
Date: Thu, 14 Apr 2022 21:29:46 +0300
Subject: [PATCH] backend/gateway: block comically large string payloads
---
 src/errors.ts | 1 +
 src/gateway/index.ts | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/errors.ts b/src/errors.ts
index 1e7e259..c2b8000 100644
--- a/src/errors.ts
+++ b/src/errors.ts
@@ -14,4 +14,5 @@ export const gatewayErrors = {
 NO_PING: { code: 4004, message: "No ping" },
 FLOODING: { code: 4005, message: "Flooding (exceeded maximum messages per batch)" },
 ALREADY_AUTHENTICATED: { code: 4006, message: "Already authenticated" },
+ PAYLOAD_TOO_LARGE: { code: 4007, message: "Payload too large" },
 };
diff --git a/src/gateway/index.ts b/src/gateway/index.ts
index a2eb33e..c3e5a5e 100644
--- a/src/gateway/index.ts
+++ b/src/gateway/index.ts
@@ -170,8 +170,13 @@ export default function(server: Server) {
 if (ws.state.messagesSinceLastCheck > MAX_CLIENT_MESSAGES_PER_BATCH) {
 return closeWithError(ws, gatewayErrors.FLOODING);
 }
+
+ const stringData = rawData.toString();
+ if (stringData.length > 2048) {
+ return closeWithError(ws, gatewayErrors.PAYLOAD_TOO_LARGE);
+ }
- const payload = ensureFormattedGatewayPayload(parseJsonOrNull(rawData.toString()));
+ const payload = ensureFormattedGatewayPayload(parseJsonOrNull(stringData));
 if (!payload) {
 return closeWithBadPayload(ws, "Invalid JSON or message does not match schema");
 }
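Review bot: The new length check in `src/gateway/index.ts` runs only after `rawData.toString()` has already turned the whole received frame into a string, so it bounds the JSON parse cost but not the memory an oversized frame occupies before it is rejected. If the gateway is built on the `ws` package (inferred from the `ws`/`rawData` names, not visible in this hunk), setting the server's `maxPayload` option would refuse oversized frames at the protocol layer, and this check could stay as a tighter application-level limit. `stringData.length` counts UTF-16 code units rather than bytes, so the effective byte limit varies with the content, and the bare `2048` would read better as a named constant beside `MAX_CLIENT_MESSAGES_PER_BATCH`, for example `const MAX_GATEWAY_PAYLOAD_LENGTH = 2048;`. The enclosing message handler starts and ends outside the hunk.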