diff options
author | Kevin Harwell <kharwell@digium.com> | 2018-02-21 14:11:50 -0600 |
---|---|---|
committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2018-02-21 14:11:50 -0600 |
commit | 2220be234905d729668570242b73f0d6f9ca42e9 (patch) | |
tree | 701c50da6e9bc26d43463cd664f4ba0ba00885bd /res | |
parent | bd549cf93644b80afc32a145048dcfbe8b9bbdfe (diff) | |
parent | 64361379592bf80d000f3a5802dc6d3a1e9bb8d2 (diff) |
Merge "AST-2018-006: Properly handle WebSocket frames with 0 length payload."
Diffstat (limited to 'res')
-rw-r--r-- | res/res_http_websocket.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c index 81e4970a6..223bb2dd8 100644 --- a/res/res_http_websocket.c +++ b/res/res_http_websocket.c @@ -488,13 +488,20 @@ const char * AST_OPTIONAL_API_NAME(ast_websocket_session_id)(struct ast_websocke * Note during the header parsing stage we try to read in small chunks just what we need, this * is buffered data anyways, no expensive syscall required most of the time ... */ -static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len, enum ast_websocket_opcode *opcode) +static inline int ws_safe_read(struct ast_websocket *session, char *buf, size_t len, enum ast_websocket_opcode *opcode) { ssize_t rlen; int xlen = len; char *rbuf = buf; int sanity = 10; + ast_assert(len > 0); + + if (!len) { + errno = EINVAL; + return -1; + } + ao2_lock(session); if (!session->stream) { ao2_unlock(session); @@ -608,9 +615,12 @@ int AST_OPTIONAL_API_NAME(ast_websocket_read)(struct ast_websocket *session, cha return -1; } - if (ws_safe_read(session, *payload, *payload_len, opcode)) { - return -1; + if (*payload_len) { + if (ws_safe_read(session, *payload, *payload_len, opcode)) { + return -1; + } } + /* If a mask is present unmask the payload */ if (mask_present) { unsigned int pos; |