[Asterisk-code-review] res http websocket: Don't leak memory on read failure (asterisk[master])

Jenkins2 asteriskteam at digium.com
Tue Feb 20 13:55:59 CST 2018


Jenkins2 has submitted this change and it was merged. ( https://gerrit.asterisk.org/8255 )

Change subject: res_http_websocket: Don't leak memory on read failure
......................................................................

res_http_websocket: Don't leak memory on read failure

Change-Id: Ic449ea832bc81a1671c0e910c5fbe8c683e3da89
---
M res/res_http_websocket.c
1 file changed, 18 insertions(+), 9 deletions(-)

Approvals:
  Kevin Harwell: Looks good to me, but someone else must approve
  Joshua Colp: Looks good to me, but someone else must approve
  Corey Farrell: Looks good to me, but someone else must approve
  Matthew Fredrickson: Looks good to me, approved
  Jenkins2: Approved for Submit



diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
index bcad1c3..81e4970 100644
--- a/res/res_http_websocket.c
+++ b/res/res_http_websocket.c
@@ -666,18 +666,27 @@
 			session->payload_len = 0;
 		}
 	} else if (*opcode == AST_WEBSOCKET_OPCODE_CLOSE) {
+		session->closing = 1;
+
 		/* Make the payload available so the user can look at the reason code if they so desire */
-		if ((*payload_len) && (new_payload = ast_realloc(session->payload, *payload_len))) {
-			if (ws_safe_read(session, &buf[frame_size], (*payload_len), opcode)) {
-				return -1;
-			}
-			session->payload = new_payload;
-			memcpy(session->payload, &buf[frame_size], *payload_len);
-			*payload = session->payload;
-			frame_size += (*payload_len);
+		if (!*payload_len) {
+			return 0;
 		}
 
-		session->closing = 1;
+		if (!(new_payload = ast_realloc(session->payload, *payload_len))) {
+			ast_log(LOG_WARNING, "Failed allocation: %p, %"PRIu64"\n",
+					session->payload, *payload_len);
+			*payload_len = 0;
+			return -1;
+		}
+
+		session->payload = new_payload;
+		if (ws_safe_read(session, &buf[frame_size], *payload_len, opcode)) {
+			return -1;
+		}
+		memcpy(session->payload, &buf[frame_size], *payload_len);
+		*payload = session->payload;
+		frame_size += *payload_len;
 	} else {
 		ast_log(LOG_WARNING, "WebSocket unknown opcode %u\n", *opcode);
 		/* We received an opcode that we don't understand, the RFC states that 1003 is for a type of data that can't be accepted... opcodes

-- 
To view, visit https://gerrit.asterisk.org/8255
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic449ea832bc81a1671c0e910c5fbe8c683e3da89
Gerrit-Change-Number: 8255
Gerrit-PatchSet: 2
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Matthew Fredrickson <creslin at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180220/bf5fdb3c/attachment.html>


More information about the asterisk-code-review mailing list