[Asterisk-code-review] res_http_websocket: Avoid reading past end of string (asterisk[master])

Joshua Colp asteriskteam at digium.com
Mon Jul 13 05:34:48 CDT 2020


Joshua Colp has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/14626 )

Change subject: res_http_websocket: Avoid reading past end of string
......................................................................

res_http_websocket: Avoid reading past end of string

We read beyond the end of the buffer when copying the string out of the
buffer when we used ast_copy_string() because the original string was
not null terminated. Instead switch to ast_strndup() which does not
exhibit the same behavior.

ASTERISK-28975 #close

Change-Id: Ib4a75cffeb1eb8cf01136ef30306bd623e531a2a
---
M res/res_http_websocket.c
1 file changed, 1 insertion(+), 2 deletions(-)

Approvals:
  Joshua Colp: Looks good to me, approved; Approved for Submit
  Richard Mudgett: Looks good to me, but someone else must approve
  Benjamin Keith Ford: Looks good to me, but someone else must approve
  Nickolay V. Shmyrev: Looks good to me, but someone else must approve



diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
index fdcb0d9..ffb6dbc 100644
--- a/res/res_http_websocket.c
+++ b/res/res_http_websocket.c
@@ -1473,11 +1473,10 @@
 		}
 	}
 
-	if (!(*buf = ast_malloc(payload_len + 1))) {
+	if (!(*buf = ast_strndup(payload, payload_len))) {
 		return -1;
 	}
 
-	ast_copy_string(*buf, payload, payload_len + 1);
 	return payload_len + 1;
 }
 
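Review bot: the unchanged `return payload_len + 1;` at the end of this hunk no longer necessarily matches the size of the allocation. `ast_strndup(payload, payload_len)` stops at the first NUL byte it finds within `payload_len`, so a payload with an embedded NUL yields a `*buf` shorter than `payload_len + 1` bytes, whereas the removed `ast_malloc(payload_len + 1)` always allocated exactly that size. A caller that treats the return value as the buffer length would then read past the allocation. Consider returning `strlen(*buf) + 1`, or keeping the `payload_len + 1` allocation and copying with `memcpy()` plus an explicit terminator, and document which length the return value reports.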

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/14626

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Ib4a75cffeb1eb8cf01136ef30306bd623e531a2a
Gerrit-Change-Number: 14626
Gerrit-PatchSet: 4
Gerrit-Owner: Nickolay V. Shmyrev <nshmyrev at alphacephei.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Nickolay V. Shmyrev <nshmyrev at alphacephei.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
Gerrit-MessageType: merged