From 84e19a7b7fef78551ef6535298a1f3fd395c3444 Mon Sep 17 00:00:00 2001
From: Daniel Liu <139250065@qq.com>
Date: Mon, 8 Sep 2025 15:40:41 +0800
Subject: [PATCH] ethstats: set readlimit on ethstats server connection #26207 (#1450)

This prevents DoS when connected to a malicious ethstats server.

Co-authored-by: Martin Holst Swende
---
 ethstats/ethstats.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ethstats/ethstats.go b/ethstats/ethstats.go
index 700b1b571a..0b9bfb787c 100644
--- a/ethstats/ethstats.go
+++ b/ethstats/ethstats.go
@@ -57,6 +57,8 @@ const (
 txChanSize = 4096
 // chainHeadChanSize is the size of channel listening to ChainHeadEvent.
 chainHeadChanSize = 10
+
+ messageSizeLimit = 15 * 1024 * 1024
 )
 
 type consensusEngine interface {
@@ -129,6 +131,7 @@ type connWrapper struct {
 }
 
 func newConnectionWrapper(conn *websocket.Conn) *connWrapper {
+ conn.SetReadLimit(messageSizeLimit)
 return &connWrapper{conn: conn}
 }
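Review bot: The new `messageSizeLimit` constant in the const block has no comment, although its neighbour `chainHeadChanSize` carries one, and nothing records why 15 MiB was chosen. Because this value is the whole DoS bound the commit introduces, it deserves a line such as `// messageSizeLimit is the maximum size in bytes of a single websocket message accepted from the ethstats server.` If messages from the server to the node are in practice much smaller than 15 MiB (not visible from this hunk), noting that would let a later reader tighten the bound with confidence.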
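Review bot: The `SetReadLimit` call in `newConnectionWrapper` only protects connections built through this constructor, so a `connWrapper{conn: ...}` literal elsewhere in the package would bypass the bound; that is worth checking, since the rest of the file is outside this hunk. The limit also caps message size only, not how long a read may block, so a server that sends nothing or trickles data is presumably still handled by whatever deadlines the read loop sets. When the limit is exceeded the websocket read returns an error, and the caller should treat that connection as dead and redial rather than retry on it. A one-line comment above the call would make the intent explicit, for example `// Bound inbound message size; the ethstats server is not trusted.`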