[Asterisk-code-review] res http websocket: ensure control frames do not interfere w... (asterisk[16])

George Joseph asteriskteam at digium.com
Mon Jan 28 07:22:19 CST 2019 

George Joseph has submitted this change and it was merged. ( https://gerrit.asterisk.org/10915 )

Change subject: res_http_websocket: ensure control frames do not interfere with data
......................................................................

res_http_websocket: ensure control frames do not interfere with data

Control frames (PING / PONG / CLOSE) can be received in the middle of a
fragmented message. In order to ensure they do not interfere with the
reassembly buffer, we exit early and do not return the payload to the
caller.

ASTERISK-28257 #close

Change-Id: Ia5367144fe08ac6141bba3309517a48ec7f013bc
---
M res/res_http_websocket.c
1 file changed, 11 insertions(+), 2 deletions(-)

Approvals:
  Sean Bright: Looks good to me, but someone else must approve
  George Joseph: Looks good to me, approved; Approved for Submit



diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
index a44f601..e79066b 100644
--- a/res/res_http_websocket.c
+++ b/res/res_http_websocket.c
@@ -632,9 +632,17 @@
 		}
 
 		/* Per the RFC for PING we need to send back an opcode with the application data as received */
-		if ((*opcode == AST_WEBSOCKET_OPCODE_PING) && (ast_websocket_write(session, AST_WEBSOCKET_OPCODE_PONG, *payload, *payload_len))) {
+		if (*opcode == AST_WEBSOCKET_OPCODE_PING) {
+			if (ast_websocket_write(session, AST_WEBSOCKET_OPCODE_PONG, *payload, *payload_len)) {
+				ast_websocket_close(session, 1009);
+			}
 			*payload_len = 0;
-			ast_websocket_close(session, 1009);
+			return 0;
+		}
+
+		/* Stop PONG processing here */
+		if (*opcode == AST_WEBSOCKET_OPCODE_PONG) {
+			*payload_len = 0;
 			return 0;
 		}
 
@@ -648,6 +656,7 @@
 			return 0;
 		}
 
+		/* Below this point we are handling TEXT, BINARY or CONTINUATION opcodes */
 		if (*payload_len) {
 			if (!(new_payload = ast_realloc(session->payload, (session->payload_len + *payload_len)))) {
 				ast_log(LOG_WARNING, "Failed allocation: %p, %zu, %"PRIu64"\n",

-- 
To view, visit https://gerrit.asterisk.org/10915
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 16
Gerrit-MessageType: merged
Gerrit-Change-Id: Ia5367144fe08ac6141bba3309517a48ec7f013bc
Gerrit-Change-Number: 10915
Gerrit-PatchSet: 1
Gerrit-Owner: Jeremy Lainé <jeremy.laine at m4x.org>
Gerrit-Reviewer: Friendly Automation (1000185)
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20190128/fb5c6625/attachment.html>

More information about the asterisk-code-review mailing list