[Asterisk-code-review] res_http_websocket: Avoid reading past end of string (asterisk[13])
Joshua Colp
asteriskteam at digium.com
Mon Jul 13 05:34:05 CDT 2020
Joshua Colp has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/14653 )
Change subject: res_http_websocket: Avoid reading past end of string
......................................................................
res_http_websocket: Avoid reading past end of string
We read beyond the end of the buffer when copying the string out of the
buffer when we used ast_copy_string() because the original string was
not null terminated. Instead switch to ast_strndup() which does not
exhibit the same behavior.
ASTERISK-28975 #close
Change-Id: Ib4a75cffeb1eb8cf01136ef30306bd623e531a2a
---
M res/res_http_websocket.c
1 file changed, 1 insertion(+), 2 deletions(-)
Approvals:
Richard Mudgett: Looks good to me, but someone else must approve
Benjamin Keith Ford: Looks good to me, but someone else must approve
Nickolay V. Shmyrev: Looks good to me, but someone else must approve
Joshua Colp: Looks good to me, approved; Approved for Submit
diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
index 541c22f..1f8a58d 100644
--- a/res/res_http_websocket.c
+++ b/res/res_http_websocket.c
@@ -1455,11 +1455,10 @@
}
}
- if (!(*buf = ast_malloc(payload_len + 1))) {
+ if (!(*buf = ast_strndup(payload, payload_len))) {
return -1;
}
- ast_copy_string(*buf, payload, payload_len + 1);
return payload_len + 1;
}
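Review bot: the unchanged "return payload_len + 1;" at the end of this hunk no longer necessarily matches the size of *buf now that the buffer comes from ast_strndup(payload, payload_len). A strndup-style copy stops at the first NUL byte it finds within payload_len, so a payload containing an embedded NUL produces an allocation shorter than the payload_len + 1 bytes that the removed ast_malloc() call always reserved. Suggest either returning strlen(*buf) + 1, or documenting that the return value is the frame payload length plus one rather than the allocated size, so a caller that treats the return value as a buffer length cannot index past the allocation.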
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/14653
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Change-Id: Ib4a75cffeb1eb8cf01136ef30306bd623e531a2a
Gerrit-Change-Number: 14653
Gerrit-PatchSet: 2
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Nickolay V. Shmyrev <nshmyrev at alphacephei.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-MessageType: merged