From c2e0abce2eedc1ba2a1b32c46fd07ef18a25354a Mon Sep 17 00:00:00 2001
From: Martin Holst Swende
Date: Thu, 17 Nov 2022 15:33:03 +0100
Subject: [PATCH] ethstats: set readlimit on ethstats server connection (#26207)

This prevents DoS when connected to a malicious ethstats server.
---
 ethstats/ethstats.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ethstats/ethstats.go b/ethstats/ethstats.go
index f6ad36051..e059844a1 100644
--- a/ethstats/ethstats.go
+++ b/ethstats/ethstats.go
@@ -57,6 +57,8 @@ const (
 txChanSize = 4096
 // chainHeadChanSize is the size of channel listening to ChainHeadEvent.
 chainHeadChanSize = 10
+
+ messageSizeLimit = 15 * 1024 * 1024
 )
 // backend encompasses the bare-minimum functionality needed for ethstats reporting
@@ -121,6 +123,7 @@ type connWrapper struct {
 }
 func newConnectionWrapper(conn *websocket.Conn) *connWrapper {
+ conn.SetReadLimit(messageSizeLimit)
 return &connWrapper{conn: conn}
 }
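Review bot: `messageSizeLimit` is added to the const block without a comment, while the neighbouring `chainHeadChanSize` has one, so neither the unit nor the reason for the value is recorded. I would add `// messageSizeLimit is the maximum size, in bytes, of a single message accepted from the ethstats server.` above it. Because this value is the per-message cap on what an untrusted server can make the node buffer, the comment should also say why 15 MiB was chosen; nothing in the visible hunks shows a server-to-client message that needs that much, so a smaller bound may be enough. The const block starts outside the hunk.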
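Review bot: The error path created by `conn.SetReadLimit(messageSizeLimit)` in `newConnectionWrapper` is not visible in this hunk and should be confirmed. Assuming `websocket.Conn` is gorilla/websocket, an oversized message makes the read return `websocket.ErrReadLimit` after a close frame is sent to the peer, so the read loop (outside the hunk) should drop the connection on that error rather than read from it again. The limit bounds one message only; it does not bound how many messages below the limit a server can send, which a doc comment can make explicit, for example `// newConnectionWrapper wraps conn and caps each message read from it at messageSizeLimit bytes; it does not limit message rate.` The constructor now dereferences `conn`, so it relies on callers passing only a successfully dialled connection.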