kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-02 19:16:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_http_websocket: Avoid reading past end of string

Browse Source 
We read beyond the end of the buffer when copying the string out of the
buffer when we used ast_copy_string() because the original string was
not null terminated. Instead switch to ast_strndup() which does not
exhibit the same behavior.

ASTERISK-28975 #close

Change-Id: Ib4a75cffeb1eb8cf01136ef30306bd623e531a2a
This commit is contained in:
Nickolay Shmyrev
2020-07-03 00:19:50 +02:00
committed by Sean Bright
parent 11cee28e4f
commit c3b3b681fb
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
res/res_http_websocket.c
View File

@@ -1473,11 +1473,10 @@ int AST_OPTIONAL_API_NAME(ast_websocket_read_string)
}
}
if (!(*buf = ast_malloc(payload_len + 1))) {
if (!(*buf = ast_strndup(payload, payload_len))) {
return -1;
}
ast_copy_string(*buf, payload, payload_len + 1);
return payload_len + 1;
}