EVM-819 DoS on Websockets (#1871)

command/server/config/config.go

@@ -36,6 +36,7 @@ type Config struct {
 	NumBlockConfirmations uint64 `json:"num_block_confirmations" yaml:"num_block_confirmations"`
 
 	ConcurrentRequestsDebug uint64 `json:"concurrent_requests_debug" yaml:"concurrent_requests_debug"`
+	WebSocketReadLimit      uint64 `json:"web_socket_read_limit" yaml:"web_socket_read_limit"`
 }
 
 // Telemetry holds the config details for metric services.
@@ -82,8 +83,13 @@ const (
 	// on ethereum epoch lasts for 32 blocks. more details: https://www.alchemy.com/overviews/ethereum-commitment-levels
 	DefaultNumBlockConfirmations uint64 = 64
 
-	// Maximum number of allowed concurrent requests for debug endpoints
+	// DefaultConcurrentRequestsDebug specifies max number of allowed concurrent requests for debug endpoints
 	DefaultConcurrentRequestsDebug uint64 = 32
+
+	// DefaultWebSocketReadLimit specifies max size in bytes for a message read from the peer by Gorrila websocket lib.
+	// If a message exceeds the limit,
+	// the connection sends a close message to the peer and returns ErrReadLimit to the application.
+	DefaultWebSocketReadLimit uint64 = 8192
 )
 
 // DefaultConfig returns the default server configuration
@@ -122,6 +128,7 @@ func DefaultConfig() *Config {
 		Relayer:                  false,
 		NumBlockConfirmations:    DefaultNumBlockConfirmations,
 		ConcurrentRequestsDebug:  DefaultConcurrentRequestsDebug,
+		WebSocketReadLimit:       DefaultWebSocketReadLimit,
 	}
 }
 

command/server/params.go

@@ -42,6 +42,7 @@ const (
 	numBlockConfirmationsFlag = "num-block-confirmations"
 
 	concurrentRequestsDebugFlag = "concurrent-requests-debug"
+	webSocketReadLimitFlag      = "websocket-read-limit"
 )
 
 // Flags that are deprecated, but need to be preserved for
@@ -155,6 +156,7 @@ func (p *serverParams) generateConfig() *server.Config {
 			BatchLengthLimit:         p.rawConfig.JSONRPCBatchRequestLimit,
 			BlockRangeLimit:          p.rawConfig.JSONRPCBlockRangeLimit,
 			ConcurrentRequestsDebug:  p.rawConfig.ConcurrentRequestsDebug,
+			WebSocketReadLimit:       p.rawConfig.WebSocketReadLimit,
 		},
 		GRPCAddr:   p.grpcAddress,
 		LibP2PAddr: p.libp2pAddress,

command/server/server.go

@@ -235,6 +235,13 @@ func setFlags(cmd *cobra.Command) {
 		"maximal number of concurrent requests for debug endpoints",
 	)
 
+	cmd.Flags().Uint64Var(
+		&params.rawConfig.WebSocketReadLimit,
+		webSocketReadLimitFlag,
+		defaultConfig.WebSocketReadLimit,
+		"maximum size in bytes for a message read from the peer by websocket",
+	)
+
 	setLegacyFlags(cmd)
 
 	setDevFlags(cmd)

jsonrpc/jsonrpc.go

@@ -70,6 +70,7 @@ type Config struct {
 	BlockRangeLimit          uint64
 
 	ConcurrentRequestsDebug uint64
+	WebSocketReadLimit      uint64
 }
 
 // NewJSONRPC returns the JSONRPC http server
@@ -222,6 +223,11 @@ func (j *JSONRPC) handleWs(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 
+	// Set a read limit (maximum message size) for this connection
+	if j.config.WebSocketReadLimit != 0 {
+		ws.SetReadLimit(int64(j.config.WebSocketReadLimit))
+	}
+
 	// Defer WS closure
 	defer func(ws *websocket.Conn) {
 		err = ws.Close()

server/config.go

@@ -58,4 +58,5 @@ type JSONRPC struct {
 	BatchLengthLimit         uint64
 	BlockRangeLimit          uint64
 	ConcurrentRequestsDebug  uint64
+	WebSocketReadLimit       uint64
 }

server/server.go

@@ -897,6 +897,7 @@ func (s *Server) setupJSONRPC() error {
 		BatchLengthLimit:         s.config.JSONRPC.BatchLengthLimit,
 		BlockRangeLimit:          s.config.JSONRPC.BlockRangeLimit,
 		ConcurrentRequestsDebug:  s.config.JSONRPC.ConcurrentRequestsDebug,
+		WebSocketReadLimit:       s.config.JSONRPC.WebSocketReadLimit,
 	}
 
 	srv, err := jsonrpc.NewJSONRPC(s.logger, conf)