Added a maximum buffer size to received data from polling. Settable with the maxHttpBufferSize option

Tony Kovanen · Tony Kovanen · commit f8100f92370f · 2014-03-26T21:19:54.000+02:00
diff --git a/README.md b/README.md
@@ -193,6 +193,9 @@ to a single process.
         consider the connection closed (`60000`)
       - `pingInterval` (`Number`): how many ms before sending a new ping
         packet (`25000`)
+      - `maxHttpBufferSize` (`Number`): how many bytes or characters a message
+        can be when polling, before closing the session (to avoid DoS). Default
+        value is `10E7`.
       - `transports` (`<Array> String`): transports to allow connections
         to (`['polling', 'websocket', 'flashsocket']`)
       - `allowUpgrades` (`Boolean`): whether to allow transport upgrades
diff --git a/lib/server.js b/lib/server.js
@@ -35,6 +35,7 @@ function Server(opts){
   this.pingTimeout = opts.pingTimeout || 60000;
   this.pingInterval = opts.pingInterval || 25000;
   this.upgradeTimeout = opts.upgradeTimeout || 10000;
+  this.maxHttpBufferSize = opts.maxHttpBufferSize || 10E7;
   this.transports = opts.transports || Object.keys(transports);
   this.allowUpgrades = false !== opts.allowUpgrades;
   this.cookie = false !== opts.cookie ? (opts.cookie || 'io') : false;
@@ -208,8 +209,13 @@ Server.prototype.handshake = function(transport, req){
 
   debug('handshaking client "%s"', id);
 
+  var transportName = transport;
   try {
     var transport = new transports[transport](req);
+    if ('polling' == transportName) {
+      transport.maxHttpBufferSize = this.maxHttpBufferSize;
+    }
+
     if (req.query && req.query.b64) {
       transport.supportsBinary = false;
     } else {
diff --git a/lib/transports/polling.js b/lib/transports/polling.js
@@ -139,10 +139,18 @@ Polling.prototype.onDataRequest = function (req, res) {
   }
 
   function onData (data) {
+    var contentLength;
     if (typeof data == 'string') {
       chunks += data;
+      contentLength = Buffer.byteLength(chunks);
     } else {
       chunks = Buffer.concat([chunks, data]);
+      contentLength = chunks.length;
+    }
+
+    if (contentLength > self.maxHttpBufferSize) {
+      chunks = '';
+      req.connection.destroy();
     }
   }
 
diff --git a/test/server.js b/test/server.js
@@ -792,6 +792,8 @@ describe('server', function () {
   });
 
   describe('messages', function () {
+    this.timeout(5000);
+
     it('should arrive from server to client', function (done) {
       var engine = listen({ allowUpgrades: false }, function (port) {
         var socket = new eioc.Socket('ws://localhost:%d'.s(port));
@@ -844,6 +846,39 @@ describe('server', function () {
       });
     });
 
+    it('should not be receiving data when getting a message longer than maxHttpBufferSize when polling', function(done) {
+      var opts = { allowUpgrades: false, transports: ['polling'], maxHttpBufferSize: 5 };
+      var engine = listen(opts, function (port) {
+        var socket = new eioc.Socket('ws://localhost:%d'.s(port));
+        engine.on('connection', function (conn) {
+          conn.on('message', function(msg) {
+            console.log(msg);
+          });
+        });
+        socket.on('open', function () {
+          socket.send('aasdasdakjhasdkjhasdkjhasdkjhasdkjhasdkjhasdkjha');
+        });
+      });
+      setTimeout(done, 1000);
+    });
+
+    it('should receive data when getting a message shorter than maxHttpBufferSize when polling', function(done) {
+      var opts = { allowUpgrades: false, transports: ['polling'], maxHttpBufferSize: 5 };
+      var engine = listen(opts, function (port) {
+        var socket = new eioc.Socket('ws://localhost:%d'.s(port));
+        engine.on('connection', function (conn) {
+          conn.on('message', function(msg) {
+            expect(msg).to.be('a');
+            done();
+          });
+        });
+        socket.on('open', function () {
+          socket.send('a');
+        });
+      });
+    });
+
+
     it('should arrive from server to client (ws)', function (done) {
       var opts = { allowUpgrades: false, transports: ['websocket'] };
       var engine = listen(opts, function (port) {
@@ -999,7 +1034,7 @@ describe('server', function () {
       var opts = { allowUpgrades: false, transports: ['websocket'] };
       var engine = listen(opts, function(port) {
         var socket = new eioc.Socket('ws://localhost:%d'.s(port), { transports: ['websocket'] });
-        
+
         engine.on('connection', function (conn) {
           conn.send(binaryData);
         });

Original file line number	Diff line number	Diff line change
`@@ -139,10 +139,18 @@ Polling.prototype.onDataRequest = function (req, res) {`
`139`	`139`	`}`
`140`	`140`
`141`	`141`	`function onData (data) {`
	`142`	`+ var contentLength;`
`142`	`143`	`if (typeof data == 'string') {`
`143`	`144`	`chunks += data;`
	`145`	`+ contentLength = Buffer.byteLength(chunks);`
`144`	`146`	`} else {`
`145`	`147`	`chunks = Buffer.concat([chunks, data]);`
	`148`	`+ contentLength = chunks.length;`
	`149`	`+ }`
	`150`	`+`
	`151`	`+ if (contentLength > self.maxHttpBufferSize) {`
	`152`	`+ chunks = '';`
	`153`	`+ req.connection.destroy();`
`146`	`154`	`}`
`147`	`155`	`}`
`148`	`156`