Closed
Description
What steps will reproduce the problem?

Currently go.net/websocket provides no way to limit how much data a websocket server reads. If a client sends very large amounts of data (messages, frames), the websocket server will allocate that memory, and will continue to do so, until the server runs out of memory or the client crashes. [In someone else's tests] it has been observed that there is also no header limit provided (for the same issue). (See discussion: https://groups.google.com/forum/?fromgroups=#!topic/golang-nuts/2Tge6U8-QYI)

What is the expected output?

go.net/websocket should provide a way to set a maximum read size and maximum header read size, to avoid attacks from potentially malicious clients.
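The kind of per-frame read limit requested above, as an added example that is not code from go.net/websocket or from the reporter: a standard-library-only reader that checks the payload length declared in an RFC 6455 frame header before allocating a buffer for it. The names `readFrame`, `ErrTooLarge`, `smallFrame` and `hugeHeader` are hypothetical, the byte strings are constructed samples, and the sketch covers a single client frame only, not a cap on fragmented messages or on handshake headers.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

var (
	ErrTooLarge = errors.New("frame payload exceeds limit")               // hypothetical name
	smallFrame  = []byte{0x81, 0x82, 1, 2, 3, 4, 'h' ^ 1, 'i' ^ 2}       // constructed: masked text frame "hi"
	hugeHeader  = []byte{0x82, 0xff, 0, 0, 0, 0, 0x40, 0, 0, 0}          // constructed: declares 1 GiB, sends none
)

// readFrame (hypothetical helper) reads one masked client frame, capping its payload at limit bytes.
func readFrame(r io.Reader, limit uint64) ([]byte, error) {
	var hdr [2]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	if hdr[1]&0x80 == 0 {
		return nil, errors.New("client frame is not masked")
	}
	n := uint64(hdr[1] & 0x7f)
	if w := map[uint64]int{126: 2, 127: 8}[n]; w > 0 {
		var ext [8]byte // left-padded so Uint64 decodes both length widths
		if _, err := io.ReadFull(r, ext[8-w:]); err != nil {
			return nil, err
		}
		n = binary.BigEndian.Uint64(ext[:])
	}
	if n > limit { // decide on the declared length, before allocating
		return nil, ErrTooLarge
	}
	buf := make([]byte, 4+n) // 4-byte mask key followed by the payload
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, err
	}
	for i := range buf[4:] {
		buf[4+i] ^= buf[i%4]
	}
	return buf[4:], nil
}

func main() {
	fmt.Println(readFrame(bytes.NewReader(hugeHeader), 1<<20))
}
```

Without the `n > limit` check, the ten-byte `hugeHeader` alone would make the reader allocate 1 GiB before a single payload byte arrives.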