[go: up one dir, main page]

Evm node/websocket: limit size of received messages

Alain Mebsoutrequested to merge
alain@functori@websocket-message-too-big into master

What

The websocket connection is closed as soon as the message we are receiving exceeds 4MB.

Why

This protects against attacks where clients never send a final frame or send too much data on the websocket.

How

Closing the connection with the dedicated status 1009 (https://datatracker.ietf.org/doc/html/rfc6455#section-7.4.1)

Manually testing the MR

Tezt

dune exec etherlink/tezt/tests/main.exe -- -t 'Websocket server does not accept messages larger than maximum' -v

Manually

Run an EVM node with websocket support on Resto.

Then connect with wscat and send a large message:

wscat -c ws://127.0.0.1:8545/ws
Connected (press CTRL+C to quit)

> 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000...but much larger

Disconnected (code: 1009, reason: "")
Edited by Alain Mebsout

Merge request reports