Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limiting message size #1037

Open
plonkster opened this issue Sep 6, 2023 · 3 comments
Open

Limiting message size #1037

plonkster opened this issue Sep 6, 2023 · 3 comments

Comments

@plonkster
Copy link

Is there any way to limit maximum websocket message size with Ratchet? As it is, an attacker can just send a 100MB message on a bunch of concurrent connections and effectively bring the server down due to memory exhaustion.

Thanks!
@programarivm programarivm mentioned this issue Sep 15, 2023
Closed
@programarivm
Copy link

programarivm commented Sep 15, 2023
edited

The message size can be limited when implementing the onMessage() method as per Ratchet\MessageInterface. The example below stops processing the request if exceeding 4096 bytes.

// ...

    public function onMessage(ConnectionInterface $from, $msg)
    {
        if (strlen($msg) > 4096) {
            return;
        }

        // ...
    }

// ...

@quakemmo
Copy link

This does not fix the issue as the memory has already been consumed before onMessage is called.

This needs to be done in Ratchet itself.

The following commit hardcodes a limit of 1000 bytes and solves the issue, ideally that would be some kind of configuration option.

fd3127e

@programarivm
Copy link

😉 That's the frame size in WebSocket parlance I suppose.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@programarivm @plonkster @quakemmo