[tor-commits] [flashproxy/master] Check that accumulated frames remain under the message size limit.

[dcf at torproject.org]

commit 915bdeb7d4fd7839afe9724e6854b61d2112e736
Author: David Fifield <david at bamsoftware.com>
Date:   Mon Nov 26 22:13:44 2012 -0800

    Check that accumulated frames remain under the message size limit.
---
 websocket-transport/websocket.go |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/websocket-transport/websocket.go b/websocket-transport/websocket.go
index 91a48e1..5409ea6 100644
--- a/websocket-transport/websocket.go
+++ b/websocket-transport/websocket.go
@@ -38,11 +38,11 @@ import (
 // MaxMessageSize is a limit on buffering messages.
 type WebsocketConfig struct {
 	Subprotocols   []string
-	MaxMessageSize uint64
+	MaxMessageSize int
 }
 
 // Return the WebSocket's maximum message size, or a default maximum size.
-func (config *WebsocketConfig) maxMessageSize() uint64 {
+func (config *WebsocketConfig) maxMessageSize() int {
 	if config.MaxMessageSize == 0 {
 		return 64000
 	}
@@ -120,7 +120,7 @@ func (ws *Websocket) ReadFrame() (frame WebsocketFrame, err error) {
 		}
 		payloadLen = long
 	}
-	if payloadLen > ws.MaxMessageSize {
+	if payloadLen > uint64(ws.MaxMessageSize) {
 		err = errors.New(fmt.Sprintf("frame payload length of %d exceeds maximum of %d", payloadLen, ws.MaxMessageSize))
 		return
 	}
@@ -192,6 +192,11 @@ func (ws *Websocket) ReadMessage() (message WebsocketMessage, err error) {
 				return
 			}
 		}
+		if ws.messageBuf.Len() + len(frame.Payload) > ws.MaxMessageSize {
+			err = errors.New(fmt.Sprintf("message payload length of %d exceeds maximum of %d",
+				ws.messageBuf.Len() + len(frame.Payload), ws.MaxMessageSize))
+			return
+		}
 		ws.messageBuf.Write(frame.Payload)
 		if frame.Fin {
 			break