Poco::Net::WebSocket::setMaxPayloadSize() and Poco::Net::WebSocket::getMaxPayloadSize()

to specify a maximum acceptable payload size for Poco::Net::WebSocket::receiveFrame()
2025-10-29 20:59:45 +01:00 · 2019-06-22 14:47:55 +02:00
parent 2cd8950dfc
commit 5fc4cd3ff9
4 changed files with 113 additions and 34 deletions
--- a/Net/include/Poco/Net/WebSocket.h
+++ b/Net/include/Poco/Net/WebSocket.h
@@ -209,6 +209,15 @@ public:
 		/// is thrown and the WebSocket connection must be
 		/// terminated.
 		///
+		/// The frame's payload size must not exceed the
+		/// maximum payload size set with setMaxPayloadSize().
+		/// If it does, a WebSocketException (WS_ERR_PAYLOAD_TOO_BIG)
+		/// is thrown and the WebSocket connection must be
+		/// terminated.
+		///
+		/// A WebSocketException will also be thrown if a malformed
+		/// or incomplete frame is received.
+		///
 		/// Returns the number of bytes received.
 		/// A return value of 0 means that the peer has
 		/// shut down or closed the connection.
@@ -223,6 +232,21 @@ public:
 	int receiveFrame(Poco::Buffer<char>& buffer, int& flags);
 		/// Receives a frame from the socket and stores it
 		/// after any previous content in buffer.
+		/// The buffer will be grown as necessary.
+		///
+		/// The frame's payload size must not exceed the
+		/// maximum payload size set with setMaxPayloadSize().
+		/// If it does, a WebSocketException (WS_ERR_PAYLOAD_TOO_BIG)
+		/// is thrown and the WebSocket connection must be
+		/// terminated.
+		///
+		/// A WebSocketException will also be thrown if a malformed
+		/// or incomplete frame is received.
+		///
+		/// If this method is used, a reasonable maximum payload size should
+		/// be set with setMaxPayloadSize() to prevent a potential
+		/// DoS attack (memory exhaustion) by sending a WebSocket frame
+		/// header with a huge payload size.
 		///
 		/// Returns the number of bytes received.
 		/// A return value of 0 means that the peer has
@@ -239,6 +263,16 @@ public:
 		/// Returns WS_SERVER if the WebSocket is a server-side
 		/// WebSocket, or WS_CLIENT otherwise.

+	void setMaxPayloadSize(int maxPayloadSize);
+		/// Sets the maximum payload size for receiveFrame().
+		///
+		/// The default is std::numeric_limits<int>::max().
+
+	int getMaxPayloadSize() const;
+		/// Returns the maximum payload size for receiveFrame().
+		///
+		/// The default is std::numeric_limits<int>::max().
+
 	static const std::string WEBSOCKET_VERSION;
 		/// The WebSocket protocol version supported (13).

--- a/Net/include/Poco/Net/WebSocketImpl.h
+++ b/Net/include/Poco/Net/WebSocketImpl.h
@@ -79,6 +79,16 @@ public:
 	bool mustMaskPayload() const;
 		/// Returns true if the payload must be masked.

+	void setMaxPayloadSize(int maxPayloadSize);
+		/// Sets the maximum payload size for receiveFrame().
+		///
+		/// The default is std::numeric_limits<int>::max().
+
+	int getMaxPayloadSize() const;
+		/// Returns the maximum payload size for receiveFrame().
+		///
+		/// The default is std::numeric_limits<int>::max().
+
 protected:
 	enum
 	{
@@ -96,6 +106,7 @@ private:
 	WebSocketImpl();

 	StreamSocketImpl* _pStreamSocketImpl;
+	int _maxPayloadSize;
 	Poco::Buffer<char> _buffer;
 	int _bufferOffset;
 	int _frameFlags;
@@ -119,6 +130,12 @@ inline bool WebSocketImpl::mustMaskPayload() const
 }


+inline int WebSocketImpl::getMaxPayloadSize() const
+{
+	return _maxPayloadSize;
+}
+
+
 } } // namespace Poco::Net


--- a/Net/src/WebSocket.cpp
+++ b/Net/src/WebSocket.cpp
@@ -126,6 +126,18 @@ WebSocket::Mode WebSocket::mode() const
 }


+void WebSocket::setMaxPayloadSize(int maxPayloadSize)
+{
+	static_cast<WebSocketImpl*>(impl())->setMaxPayloadSize(maxPayloadSize);
+}
+
+
+int WebSocket::getMaxPayloadSize() const
+{
+	return static_cast<WebSocketImpl*>(impl())->getMaxPayloadSize();
+}
+
+
 WebSocketImpl* WebSocket::accept(HTTPServerRequest& request, HTTPServerResponse& response)
 {
 	if (request.hasToken("Connection", "upgrade") && icompare(request.get("Upgrade", ""), "websocket") == 0)
@@ -141,7 +153,7 @@ WebSocketImpl* WebSocket::accept(HTTPServerRequest& request, HTTPServerResponse&
 		response.set("Upgrade", "websocket");
 		response.set("Connection", "Upgrade");
 		response.set("Sec-WebSocket-Accept", computeAccept(key));
-		response.setContentLength(0);
+		response.setContentLength(HTTPResponse::UNKNOWN_CONTENT_LENGTH);
 		response.send().flush();

 		HTTPServerRequestImpl& requestImpl = static_cast<HTTPServerRequestImpl&>(request);
--- a/Net/src/WebSocketImpl.cpp
+++ b/Net/src/WebSocketImpl.cpp
@@ -21,9 +21,13 @@
 #include "Poco/BinaryReader.h"
 #include "Poco/MemoryStream.h"
 #include "Poco/Format.h"
+#include <limits>
 #include <cstring>


+#undef max
+
+
 namespace Poco {
 namespace Net {

@@ -31,6 +35,7 @@ namespace Net {
 WebSocketImpl::WebSocketImpl(StreamSocketImpl* pStreamSocketImpl, HTTPSession& session, bool mustMaskPayload):
 	StreamSocketImpl(pStreamSocketImpl->sockfd()),
 	_pStreamSocketImpl(pStreamSocketImpl),
+	_maxPayloadSize(std::numeric_limits<int>::max()),
 	_buffer(0),
 	_bufferOffset(0),
 	_frameFlags(0),
@@ -134,6 +139,7 @@ int WebSocketImpl::receiveHeader(char mask[4], bool& useMask)
 		Poco::BinaryReader reader(istr, Poco::BinaryReader::NETWORK_BYTE_ORDER);
 		Poco::UInt64 l;
 		reader >> l;
+		if (l > _maxPayloadSize) throw WebSocketException("Payload too big", WebSocket::WS_ERR_PAYLOAD_TOO_BIG);
 		payloadLength = static_cast<int>(l);
 	}
 	else if (lengthByte == 126)
@@ -148,10 +154,12 @@ int WebSocketImpl::receiveHeader(char mask[4], bool& useMask)
 		Poco::BinaryReader reader(istr, Poco::BinaryReader::NETWORK_BYTE_ORDER);
 		Poco::UInt16 l;
 		reader >> l;
+		if (l > _maxPayloadSize) throw WebSocketException("Payload too big", WebSocket::WS_ERR_PAYLOAD_TOO_BIG);
 		payloadLength = static_cast<int>(l);
 	}
 	else
 	{
+		if (lengthByte > _maxPayloadSize) throw WebSocketException("Payload too big", WebSocket::WS_ERR_PAYLOAD_TOO_BIG);
 		payloadLength = lengthByte;
 	}

@@ -169,6 +177,14 @@ int WebSocketImpl::receiveHeader(char mask[4], bool& useMask)
 }


+void WebSocketImpl::setMaxPayloadSize(int maxPayloadSize)
+{
+	poco_assert (maxPayloadSize > 0);
+
+	_maxPayloadSize = maxPayloadSize;
+}
+
+
 int WebSocketImpl::receivePayload(char *buffer, int payloadLength, char mask[4], bool useMask)
 {
 	int received = receiveNBytes(reinterpret_cast<char*>(buffer), payloadLength);
@@ -205,7 +221,7 @@ int WebSocketImpl::receiveBytes(Poco::Buffer<char>& buffer, int)
 	int payloadLength = receiveHeader(mask, useMask);
 	if (payloadLength <= 0)
 		return payloadLength;
-	int oldSize = buffer.size();
+	std::size_t oldSize = buffer.size();
 	buffer.resize(oldSize + payloadLength);
 	return receivePayload(buffer.begin() + oldSize, payloadLength, mask, useMask);
 }