ethstats: set readlimit on ethstats server connection (#26207)

This prevents DoS when connected to a malicious ethstats server.
pull/26216/head^2
Martin Holst Swende 2 years ago committed by GitHub
parent 97c563e055
commit c2e0abce2e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      ethstats/ethstats.go

@ -57,6 +57,8 @@ const (
txChanSize = 4096 txChanSize = 4096
// chainHeadChanSize is the size of channel listening to ChainHeadEvent. // chainHeadChanSize is the size of channel listening to ChainHeadEvent.
chainHeadChanSize = 10 chainHeadChanSize = 10
messageSizeLimit = 15 * 1024 * 1024
) )
// backend encompasses the bare-minimum functionality needed for ethstats reporting // backend encompasses the bare-minimum functionality needed for ethstats reporting
@ -121,6 +123,7 @@ type connWrapper struct {
} }
func newConnectionWrapper(conn *websocket.Conn) *connWrapper { func newConnectionWrapper(conn *websocket.Conn) *connWrapper {
conn.SetReadLimit(messageSizeLimit)
return &connWrapper{conn: conn} return &connWrapper{conn: conn}
} }

Loading…
Cancel
Save