websocket-driver 0.8.0 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1f212eb47e19ec359d90624302280cfc94d6fbc9d4bf9a419574fa8531c7d38
-  data.tar.gz: a35ae8ecae5b94d297141eb9bc0f29647614034cc961bc8c4e26a7876aa40a4b
+  metadata.gz: 29e86447ce1bcb8a90f93a8d93b8a80322f3c36e655f9a1a4e32415eddaeb129
+  data.tar.gz: 07c2dccd9d940048a1be5f8459f2c0d3214762f4bdd28f2096406e4df7725184
 SHA512:
-  metadata.gz: 0dd79a8fd32a6380ef832549c1139b1f425f0fe49b33adb32338ce39d5ad9d1d558ce1f33f89c3fefa8464b65a0b9d9664e509e200c55979add09b0cd872e55d
-  data.tar.gz: 87684980b91fb5d6cf1ae8866ab51cd60809fbbba4d90032585c8596797333e8e0e995f1b98cb7269e917de2c501ee524d0c2ff72917457092fa292e51e7e0a9
+  metadata.gz: 105e1d610de90d7b934b88ce141b1aff0496afc22b2599b56d046304b09c9476a122e0eb04f8cddc5303d6f38204334ad2b36113c46d28fbbb486292870eb870
+  data.tar.gz: 63e4ab5cd1ffadd35797b0dd713b5a3da3e6eed3e8c3cf09b0ebff18d7e3c931c6ed2b45e992dc26cf77a96e5a8be349318bcafe51bd80498ae389dc8a0f9d9f

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+### 0.8.1 / 2026-06-04
+
+- Close a draft-75/76 connection if a length header grows to exceed the
+  configured max length
+- Fail the connection if a message is larger than the configured max length
+  after extension processing
+- Limit the total HTTP request line and headers size to 32K
+
 ### 0.8.0 / 2025-05-25
 
 - Emit binary message as a string with `Encoding::BINARY` instead of an array

data/LICENSE.md

@@ -1,4 +1,4 @@
-Copyright 2010-2025 James Coglan
+Copyright 2010-2026 James Coglan
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 this file except in compliance with the License. You may obtain a copy of the

data/lib/websocket/driver/draft75.rb

@@ -41,6 +41,7 @@ module WebSocket
 
             when 1 then
               @length = (octet & 0x7F) + 128 * @length
+              return close if @length > @max_length
 
               if @closing and @length.zero?
                 return close

data/lib/websocket/driver/hybi.rb

@@ -400,6 +400,10 @@ module WebSocket
 
         payload = message.data
 
+        if payload.bytesize > @max_length
+          return fail(:too_large, 'WebSocket frame length too large')
+        end
+
         case message.opcode
           when OPCODES[:text] then
             payload = Driver.encode(payload, Encoding::UTF_8)

data/lib/websocket/http/headers.rb

@@ -2,7 +2,7 @@ module WebSocket
   module HTTP
 
     module Headers
-      MAX_LINE_LENGTH = 4096
+      MAX_REQUEST_SIZE = 32768
       CR = 0x0D
       LF = 0x0A
 
@@ -38,6 +38,7 @@ module WebSocket
       attr_reader :headers
 
       def initialize
+        @size    = 0
         @buffer  = []
         @env     = {}
         @headers = {}
@@ -54,6 +55,9 @@ module WebSocket
 
       def parse(chunk)
         chunk.each_byte do |octet|
+          @size += 1
+          return error if @size > MAX_REQUEST_SIZE
+
           if octet == LF and @stage < 2
             @buffer.pop if @buffer.last == CR
             if @buffer.empty?
@@ -71,9 +75,8 @@ module WebSocket
               end
             end
             @buffer = []
-          else
-            @buffer << octet if @stage >= 0
-            error if @stage < 2 and @buffer.size > MAX_LINE_LENGTH
+          elsif @stage >= 0
+            @buffer << octet
           end
         end
         @env['rack.input'] = StringIO.new(string_buffer)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: websocket-driver
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.1
 platform: ruby
 authors:
 - James Coglan
@@ -147,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.9
 specification_version: 4
 summary: WebSocket protocol handler with pluggable I/O
 test_files: []