13

I have an application in which I wish to limit the maximum size of a message that was sent across the wire by a connected client. Since the theoretical maximum of a message in Node.js is about 1.9 GB, I actually never want my application to allocate that big a chunk of memory if some malicious clients tries to send an over-sized packet.

How can I limit the incoming message size, to say, 1024 bytes?

Meirion Hughes
  • 24,994
  • 12
  • 71
  • 122
NiCk Newman
  • 1,716
  • 7
  • 23
  • 48
  • 1
    Related question: http://stackoverflow.com/questions/12977719/how-much-data-can-i-send-through-a-socket-emit – jfriend00 Jun 13 '15 at 15:31
  • 1
    @jfriend00 my issue more related to memory allocation than bandwidth issue though. If we use `.length` on a string, if that string is 2gb... That's where we have the issue and when the memory starts to allocate towards checking the length.. :( That guy's answer is 100% wrong, you're supposed to check the length first and close the clients connection if it exceeds.. not just rely on bandwidth. If you do that, that data will be sent to everyone that is connected (as that's a chat room he's talking about). – NiCk Newman Jun 14 '15 at 01:50
  • 2
    This question originates from https://github.com/websockets/ws/issues/513. Now with reproduction/issue illustration. This is quite a big deal TBH. – Deathspike Jun 22 '15 at 11:51
  • You could pipe the incoming data to a file. Then check the size of the file at a certain interval/frequency. – Evan Shortiss Jul 06 '15 at 14:43
  • Have you looked at this? https://nodejs.org/api/net.html#net_socket_buffersize – Breedly Jul 06 '15 at 15:18
  • I don't think you can reliably inplement a solution to this at the application level. Maybe further down the stack. – adrian7 Aug 15 '15 at 14:14
  • @NiCkNewman : Did you ever find a solution to this (limiting message size BEFORE the entire message has been transferred over the wire and read into a block of memory)? – Mark K Cowan Nov 20 '16 at 00:57
  • Was there ever an answer for this? I'd like to implement this lower in the stack but I don't know how. – neph Dec 04 '17 at 05:34

2 Answers2

7

To anyone looking for answer to this question in future, use maxPayload option in server configuration to limit the message size before it is read by Node (which is almost always what you want)

const wss = new WebSocket.Server({
        clientTracking: true,
        maxPayload: 128 * 1024, // 128 KB
        path: "/learn",
        //....
})
mehulmpt
  • 15,861
  • 12
  • 48
  • 88
0

Each character is 1 to 3 bytes in length. So you can technically just substring the string to get desired length. 

var limited = fullString.substring(0, 1024);

Or you can use a package like this : utf8-binary-cutter

Koder
  • 1,794
  • 3
  • 22
  • 41
  • I realized i didn't actually answer the question of 'where' to limit the size of string in socket.io pipeline. But i will leave the answer as it is since people looking for 'how to limit string' might end up here. – Koder Jul 24 '15 at 12:50
  • Just pointing out that every character in the string is not limited to 1 byte. This char ☃ has a length of 3 bytes for example. – Slye Nov 09 '18 at 08:59