fix(server): Limit internal server error close message size

ilijaNL · Oct 19, 2021 · 8479f76 · 8479f76
1 parent 21e44db
commit 8479f76
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 3 deletions.
diff --git a/src/__tests__/use.ts b/src/__tests__/use.ts
@@ -361,6 +361,28 @@ for (const { tServer, startTServer } of tServers) {
       // },
     );
 
+    it('should limit the internal server error message size', async () => {
+      const { url } = await startTServer({
+        onConnect: () => {
+          throw new Error(
+            'i am exactly 124 characters long i am exactly 124 characters long i am exactly 124 characters long i am exactly 124 characte',
+          );
+        },
+      });
+
+      const client = await createTClient(url);
+      client.ws.send(
+        stringifyMessage<MessageType.ConnectionInit>({
+          type: MessageType.ConnectionInit,
+        }),
+      );
+
+      await client.waitForClose((event) => {
+        expect(event.code).toBe(CloseCode.InternalServerError);
+        expect(event.reason).toBe('Internal server error');
+      });
+    });
+
     describe('Keep-Alive', () => {
       it('should dispatch pings after the timeout has passed', async (done) => {
         const { url } = await startTServer(undefined, 50);

diff --git a/src/use/fastify-websocket.ts b/src/use/fastify-websocket.ts
@@ -93,7 +93,10 @@ export function makeHandler<
             } catch (err) {
               socket.close(
                 CloseCode.InternalServerError,
-                isProd ? 'Internal server error' : err.message,
+                // close reason should fit in one frame https://datatracker.ietf.org/doc/html/rfc6455#section-5.2
+                isProd || err.message.length > 123
+                  ? 'Internal server error'
+                  : err.message,
               );
             }
           }),

diff --git a/src/use/uWebSockets.ts b/src/use/uWebSockets.ts
@@ -191,7 +191,10 @@ export function makeBehavior<
       } catch (err) {
         socket.end(
           CloseCode.InternalServerError,
-          isProd ? 'Internal server error' : err.message,
+          // close reason should fit in one frame https://datatracker.ietf.org/doc/html/rfc6455#section-5.2
+          isProd || err.message.length > 123
+            ? 'Internal server error'
+            : err.message,
         );
       }
     },

diff --git a/src/use/ws.ts b/src/use/ws.ts
@@ -111,7 +111,10 @@ export function useServer<
             } catch (err) {
               socket.close(
                 CloseCode.InternalServerError,
-                isProd ? 'Internal server error' : err.message,
+                // close reason should fit in one frame https://datatracker.ietf.org/doc/html/rfc6455#section-5.2
+                isProd || err.message.length > 123
+                  ? 'Internal server error'
+                  : err.message,
               );
             }
           }),