-
Joshua Colp authored
Frames with a payload length of 0 were incorrectly handled in res_http_websocket. Provided a frame with a payload had been received prior it was possible for a double free to occur. The realloc operation would succeed (thus freeing the payload) but be treated as an error. When the session was then torn down the payload would be freed again causing a crash. The read function now takes this into account. This change also fixes assumptions made by users of res_http_websocket. There is no guarantee that a frame received from it will be NULL terminated. ASTERISK-24472 #close Reported by: Badalian Vyacheslav Review: https://reviewboard.asterisk.org/r/4220/ Review: https://reviewboard.asterisk.org/r/4219/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429270 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Joshua Colp authoredFrames with a payload length of 0 were incorrectly handled in res_http_websocket. Provided a frame with a payload had been received prior it was possible for a double free to occur. The realloc operation would succeed (thus freeing the payload) but be treated as an error. When the session was then torn down the payload would be freed again causing a crash. The read function now takes this into account. This change also fixes assumptions made by users of res_http_websocket. There is no guarantee that a frame received from it will be NULL terminated. ASTERISK-24472 #close Reported by: Badalian Vyacheslav Review: https://reviewboard.asterisk.org/r/4220/ Review: https://reviewboard.asterisk.org/r/4219/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429270 65c4cc65-6c06-0410-ace0-fbb531ad65f3
