hippoz/waffle
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

backend/gateway: block comically large string payloads

Browse source
This commit is contained in:
hippoz 2022-04-14 21:29:46 +03:00
parent fec30b7ec9
commit 538717cfc9
Signed by: hippoz
GPG key ID: 7C52899193467641
2 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/errors.ts
View file

@ -14,4 +14,5 @@ export const gatewayErrors = {
NO_PING: { code: 4004, message: "No ping" },
FLOODING: { code: 4005, message: "Flooding (exceeded maximum messages per batch)" },
ALREADY_AUTHENTICATED: { code: 4006, message: "Already authenticated" },
PAYLOAD_TOO_LARGE: { code: 4007, message: "Payload too large" },
};

7
src/gateway/index.ts
View file

@ -171,7 +171,12 @@ export default function(server: Server) {
return closeWithError(ws, gatewayErrors.FLOODING);
}
const payload = ensureFormattedGatewayPayload(parseJsonOrNull(rawData.toString()));
const stringData = rawData.toString();
if (stringData.length > 2048) {
return closeWithError(ws, gatewayErrors.PAYLOAD_TOO_LARGE);
}
const payload = ensureFormattedGatewayPayload(parseJsonOrNull(stringData));
if (!payload) {
return closeWithBadPayload(ws, "Invalid JSON or message does not match schema");
}