lib/http/protocol/http2/frame.rb in http-protocol-0.3.1 vs lib/http/protocol/http2/frame.rb in http-protocol-0.3.2

@@ -27,10 +27,13 @@
 			END_STREAM = 0x1
 			END_HEADERS = 0x4
 			PADDED = 0x8
 			PRIORITY = 0x20
 			
+			MAXIMUM_ALLOWED_WINDOW_SIZE = 0x7FFFFFFF
+			MAXIMUM_ALLOWED_FRAME_SIZE = 0xFFFFFF
+			
 			class Frame
 				include Comparable
 				
 				# Stream Identifier cannot be bigger than this:
 				# https://http2.github.io/http2-spec/#rfc.section.4.1
@@ -154,11 +157,16 @@
 				
 				def read_payload(io)
 					@payload = io.read(@length)
 				end
 				
-				def read(io)
+				def read(io, maximum_frame_size = MAXIMUM_ALLOWED_FRAME_SIZE)
 					read_header(io) unless @length
+					
+					if @length > maximum_frame_size
+						raise FrameSizeError, "Frame length #{@length} exceeds maximum frame size #{maximum_frame_size}!"
+					end
+					
 					read_payload(io)
 				end
 				
 				def write_header(io)
 					io.write self.header