ethstats: set readlimit on ethstats server connection (#26207)

holiman · web-flow · commit c2e0abce2eed · 2022-11-17T15:33:03.000+01:00
This prevents DoS when connected to a malicious ethstats server.
diff --git a/ethstats/ethstats.go b/ethstats/ethstats.go
@@ -57,6 +57,8 @@ const (
 	txChanSize = 4096
 	// chainHeadChanSize is the size of channel listening to ChainHeadEvent.
 	chainHeadChanSize = 10
+
+	messageSizeLimit = 15 * 1024 * 1024
 )
 
 // backend encompasses the bare-minimum functionality needed for ethstats reporting
@@ -121,6 +123,7 @@ type connWrapper struct {
 }
 
 func newConnectionWrapper(conn *websocket.Conn) *connWrapper {
+	conn.SetReadLimit(messageSizeLimit)
 	return &connWrapper{conn: conn}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,8 @@ const (`
`57`	`57`	`txChanSize = 4096`
`58`	`58`	`// chainHeadChanSize is the size of channel listening to ChainHeadEvent.`
`59`	`59`	`chainHeadChanSize = 10`
	`60`	`+`
	`61`	`+ messageSizeLimit = 15 * 1024 * 1024`
`60`	`62`	`)`
`61`	`63`
`62`	`64`	`// backend encompasses the bare-minimum functionality needed for ethstats reporting`
`@@ -121,6 +123,7 @@ type connWrapper struct {`
`121`	`123`	`}`
`122`	`124`
`123`	`125`	`func newConnectionWrapper(conn websocket.Conn) connWrapper {`
	`126`	`+ conn.SetReadLimit(messageSizeLimit)`
`124`	`127`	`return &connWrapper{conn: conn}`
`125`	`128`	`}`
`126`	`129`