TUN-8685: Bump coredns dependency

Closes TUN-8685

vendor/github.com/gobwas/ws/wsutil/reader.go

@@ -12,6 +12,10 @@ import (
 // preceding NextFrame() call.
 var ErrNoFrameAdvance = errors.New("no frame advance")
 
+// ErrFrameTooLarge indicates that a message of length higher than
+// MaxFrameSize was being read.
+var ErrFrameTooLarge = errors.New("frame too large")
+
 // FrameHandlerFunc handles parsed frame header and its body represented by
 // io.Reader.
 //
@@ -37,7 +41,17 @@ type Reader struct {
 	// bytes are not valid UTF-8 sequence, ErrInvalidUTF8 returned.
 	CheckUTF8 bool
 
-	// TODO(gobwas): add max frame size limit here.
+	// Extensions is a list of negotiated extensions for reader Source.
+	// It is used to meet the specs and clear appropriate bits in fragment
+	// header RSV segment.
+	Extensions []RecvExtension
+
+	// MaxFrameSize controls the maximum frame size in bytes
+	// that can be read. A message exceeding that size will return
+	// a ErrFrameTooLarge to the application.
+	//
+	// Not setting this field means there is no limit.
+	MaxFrameSize int64
 
 	OnContinuation FrameHandlerFunc
 	OnIntermediate FrameHandlerFunc
@@ -97,12 +111,13 @@ func (r *Reader) Read(p []byte) (n int, err error) {
 
 	n, err = r.frame.Read(p)
 	if err != nil && err != io.EOF {
-		return
+		return n, err
 	}
 	if err == nil && r.raw.N != 0 {
-		return
+		return n, nil
 	}
 
+	// EOF condition (either err is io.EOF or r.raw.N is zero).
 	switch {
 	case r.raw.N != 0:
 		err = io.ErrUnexpectedEOF
@@ -112,6 +127,8 @@ func (r *Reader) Read(p []byte) (n int, err error) {
 		r.resetFragment()
 
 	case r.CheckUTF8 && !r.utf8.Valid():
+		// NOTE: check utf8 only when full message received, since partial
+		// reads may be invalid.
 		n = r.utf8.Accepted()
 		err = ErrInvalidUTF8
 
@@ -120,7 +137,7 @@ func (r *Reader) Read(p []byte) (n int, err error) {
 		err = io.EOF
 	}
 
-	return
+	return n, err
 }
 
 // Discard discards current message unread bytes.
@@ -166,14 +183,29 @@ func (r *Reader) NextFrame() (hdr ws.Header, err error) {
 		return hdr, err
 	}
 
+	if n := r.MaxFrameSize; n > 0 && hdr.Length > n {
+		return hdr, ErrFrameTooLarge
+	}
+
 	// Save raw reader to use it on discarding frame without ciphering and
 	// other streaming checks.
-	r.raw = io.LimitedReader{r.Source, hdr.Length}
+	r.raw = io.LimitedReader{
+		R: r.Source,
+		N: hdr.Length,
+	}
 
 	frame := io.Reader(&r.raw)
 	if hdr.Masked {
 		frame = NewCipherReader(frame, hdr.Mask)
 	}
+
+	for _, x := range r.Extensions {
+		hdr, err = x.UnsetBits(hdr)
+		if err != nil {
+			return hdr, err
+		}
+	}
+
 	if r.fragmented() {
 		if hdr.OpCode.IsControl() {
 			if cb := r.OnIntermediate; cb != nil {
@@ -183,7 +215,7 @@ func (r *Reader) NextFrame() (hdr ws.Header, err error) {
 				// Ensure that src is empty.
 				_, err = io.Copy(ioutil.Discard, &r.raw)
 			}
-			return
+			return hdr, err
 		}
 	} else {
 		r.opCode = hdr.OpCode
@@ -208,7 +240,7 @@ func (r *Reader) NextFrame() (hdr ws.Header, err error) {
 		r.State = r.State.Set(ws.StateFragmented)
 	}
 
-	return
+	return hdr, err
 }
 
 func (r *Reader) fragmented() bool {