commit e881395d512261b30505043bd5b33404ff0ccd2a Author: David Fifield david@bamsoftware.com Date: Mon Nov 26 22:15:50 2012 -0800
Check the message length limit in accumulated frames, not only per-frame.
---
 flashproxy-client | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/flashproxy-client b/flashproxy-client
index b6d80ce..0aa51d4 100755
--- a/flashproxy-client
+++ b/flashproxy-client
@@ -361,6 +361,8 @@ class WebSocketDecoder(object):
 else:
 if frame.opcode != 0:
 raise ValueError("Non-first frame has nonzero opcode %d" % frame.opcode)
+ if len(self.message_buf) + len(frame.payload) > self.MAX_MESSAGE_LENGTH:
+ raise ValueError("Refusing to buffer payload of %d bytes" % (len(self.message_buf) + len(frame.payload)))
 self.message_buf += frame.payload
if frame.fin:
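Review bot: The new `ValueError` text reports `len(self.message_buf) + len(frame.payload)` but calls it a "payload", so a log line from this path overstates the frame size and reads like a per-frame limit failure. Computing the total once and raising `ValueError("Refusing to buffer message of %d bytes (limit %d)" % (total, self.MAX_MESSAGE_LENGTH))` would show that a fragmented message hit the cap. The raise also leaves `self.message_buf` holding the fragments accumulated so far. If any caller catches the exception and keeps the decoder, that memory stays allocated, so it is worth confirming the connection is dropped on this error or clearing the buffer before raising. The enclosing method starts and ends outside the hunk, so neither the caller's error handling nor the per-frame check is visible here.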