From cdb6932787f050e8fed98923e789e858c3745490 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 6 Jun 2018 16:41:30 +0200
Subject: [PATCH] limit websocket frame size

AnyEvent checks rbuf_max after calling the callback (too late), so
we can receive larger data.
---
 PVE/APIServer/AnyEvent.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/PVE/APIServer/AnyEvent.pm b/PVE/APIServer/AnyEvent.pm
index eac788b..9efd662 100755
--- a/PVE/APIServer/AnyEvent.pm
+++ b/PVE/APIServer/AnyEvent.pm
@@ -374,8 +374,8 @@ sub websocket_proxy {
 
 	    $reqstate->{proxyhdl} = AnyEvent::Handle->new(
 		fh => $fh,
-		rbuf_max => 64*1024,
-		wbuf_max => 64*10*1024,
+		rbuf_max => $max_payload_size,
+		wbuf_max => $max_payload_size*10,
 		timeout => 5,
 		on_eof => sub {
 		    my ($hdl) = @_;
@@ -398,7 +398,7 @@ sub websocket_proxy {
 		my ($hdl) = @_;
 
 		my $len = length($hdl->{rbuf});
-		my $data = substr($hdl->{rbuf}, 0, $len, '');
+		my $data = substr($hdl->{rbuf}, 0, $len > $max_payload_size ? $max_payload_size : $len, '');
 
 		my $string;
 		my $payload;