Skip to content

Reject control frames with payload >125 bytes per RFC 6455 §5.5#214

Merged
swhitty merged 1 commit into
swhitty:mainfrom
ianegordon:ian/tvt-306-wsframevalidator-reject-control-frames-with-payload-gt125
May 16, 2026
Merged

Reject control frames with payload >125 bytes per RFC 6455 §5.5#214
swhitty merged 1 commit into
swhitty:mainfrom
ianegordon:ian/tvt-306-wsframevalidator-reject-control-frames-with-payload-gt125

Conversation

@ianegordon

Copy link
Copy Markdown
Contributor

Summary

  • WSFrameValidator now rejects ping/pong/close frames with payload > 125 bytes, throwing WSFrameValidator.Error.
  • Without this guard, a peer could send a 1 MB ping and have it echoed back verbatim as a pong by WSHandler.makeResponseFrames.
  • RFC 6455 §5.5 (verified at https://www.rfc-editor.org/rfc/rfc6455#section-5.5): "All control frames MUST have a payload length of 125 bytes or less and MUST NOT be fragmented." The fragmentation rule is already enforced by beginContinuation; this PR fills the size-cap gap.

Closes TVT-306.

Test plan

  • New controlFrames_throwError_whenPayloadExceeds125Bytes — 126-byte ping/pong/close each throw.
  • New controlFrames_areAccepted_whenPayloadIsAtMost125Bytes — boundary (125 bytes) and empty payload pass through unchanged.
  • Existing controlFrames_ThrowError_WhenNotFin still passes (fragmentation rejection is unchanged).
  • swift test — 441 tests pass.
  • swift build — clean, no warnings.

🤖 Generated with Claude Code

Control frames (ping/pong/close) MUST have payload length ≤ 125 bytes.
Without this guard, a peer could send a 1 MB ping and have it echoed
back verbatim as a pong by WSHandler.makeResponseFrames.

Closes TVT-306

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@swhitty swhitty merged commit de46fbb into swhitty:main May 16, 2026
10 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants