[pve-devel] [PATCH pve-http-server] limit websocket frame size

Dietmar Maurer dietmar at proxmox.com
Wed Jun 6 16:45:48 CEST 2018


AnyEvent checks rbuf_max after calling the callback (too late), so
we can receive larger data.

Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
 PVE/APIServer/AnyEvent.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/PVE/APIServer/AnyEvent.pm b/PVE/APIServer/AnyEvent.pm
index eac788b..9efd662 100755
--- a/PVE/APIServer/AnyEvent.pm
+++ b/PVE/APIServer/AnyEvent.pm
@@ -374,8 +374,8 @@ sub websocket_proxy {
 
 	    $reqstate->{proxyhdl} = AnyEvent::Handle->new(
 		fh => $fh,
-		rbuf_max => 64*1024,
-		wbuf_max => 64*10*1024,
+		rbuf_max => $max_payload_size,
+		wbuf_max => $max_payload_size*10,
 		timeout => 5,
 		on_eof => sub {
 		    my ($hdl) = @_;
@@ -398,7 +398,7 @@ sub websocket_proxy {
 		my ($hdl) = @_;
 
 		my $len = length($hdl->{rbuf});
-		my $data = substr($hdl->{rbuf}, 0, $len, '');
+		my $data = substr($hdl->{rbuf}, 0, $len > $max_payload_size ? $max_payload_size : $len, '');
 
 		my $string;
 		my $payload;
-- 
2.11.0



More information about the pve-devel mailing list