From 67ac6812eec544b8e77d5aeb7b6743a2164d405e Mon Sep 17 00:00:00 2001 From: Corey Farrell Date: Mon, 6 Nov 2017 18:11:08 -0500 Subject: res_ari_events: Fix use after free / double-free of JSON message. When stasis_app_message_handler needs to queue a message for a later connection it needs to bump the message reference so it doesn't get freed when the caller releases it's reference. Change-Id: I82696df8fe723b3365c15c3f7089501da8daa892 --- res/ari/resource_events.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'res') diff --git a/res/ari/resource_events.c b/res/ari/resource_events.c index 4be5d0223..992c562a7 100644 --- a/res/ari/resource_events.c +++ b/res/ari/resource_events.c @@ -108,7 +108,9 @@ static void stasis_app_message_handler( msg_application); } else if (!session->ws_session) { /* If the websocket is NULL, the message goes to the queue */ - AST_VECTOR_APPEND(&session->message_queue, message); + if (!AST_VECTOR_APPEND(&session->message_queue, message)) { + ast_json_ref(message); + } ast_log(LOG_WARNING, "Queued '%s' message for Stasis app '%s'; websocket is not ready\n", msg_type, -- cgit v1.2.3