backend/gateway: block comically large string payloads

hippoz 2022-04-14 21:29:46 +03:00
parent fec30b7ec9
commit 538717cfc9
No known key found for this signature in database
GPG key ID: 7C52899193467641
2 changed files with 7 additions and 1 deletions


@ -14,4 +14,5 @@ export const gatewayErrors = {
NO_PING: { code: 4004, message: "No ping" }, NO_PING: { code: 4004, message: "No ping" },
FLOODING: { code: 4005, message: "Flooding (exceeded maximum messages per batch)" }, FLOODING: { code: 4005, message: "Flooding (exceeded maximum messages per batch)" },
ALREADY_AUTHENTICATED: { code: 4006, message: "Already authenticated" }, ALREADY_AUTHENTICATED: { code: 4006, message: "Already authenticated" },
PAYLOAD_TOO_LARGE: { code: 4007, message: "Payload too large" },
}; };


@ -171,7 +171,12 @@ export default function(server: Server) {
return closeWithError(ws, gatewayErrors.FLOODING); return closeWithError(ws, gatewayErrors.FLOODING);
} }
const payload = ensureFormattedGatewayPayload(parseJsonOrNull(rawData.toString())); const stringData = rawData.toString();
if (stringData.length > 2048) {
return closeWithError(ws, gatewayErrors.PAYLOAD_TOO_LARGE);
}
const payload = ensureFormattedGatewayPayload(parseJsonOrNull(stringData));
if (!payload) { if (!payload) {
return closeWithBadPayload(ws, "Invalid JSON or message does not match schema"); return closeWithBadPayload(ws, "Invalid JSON or message does not match schema");
} }
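Review bot: The size check at `if (stringData.length > 2048)` runs only after `rawData.toString()` has decoded the whole message, so an oversized frame is still fully buffered and copied once before it is rejected, and the limit counts UTF-16 code units rather than bytes on the wire. If `rawData` is a Buffer (its type is not visible in this hunk), compare its byte length before decoding, for example `if (rawData.length > MAX_GATEWAY_PAYLOAD_BYTES) return closeWithError(ws, gatewayErrors.PAYLOAD_TOO_LARGE);`. If the server comes from the `ws` package, also setting its `maxPayload` option would make the library refuse oversized frames before they are assembled in memory; this check can stay for the custom 4007 close code. The literal `2048` would read better as a named constant with a comment stating the unit. The enclosing message handler starts and ends outside the hunk.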