From 5247ba4b88825868e0df1de1a863db943cca3601 Mon Sep 17 00:00:00 2001
From: Corey Farrell <git@cfware.com>
Date: Mon, 6 Nov 2017 18:11:08 -0500
Subject: [PATCH] res_ari_events: Fix use after free / double-free of JSON
 message.

When stasis_app_message_handler needs to queue a message for a later
connection it needs to bump the message reference so it doesn't get
freed when the caller releases it's reference.

Change-Id: I82696df8fe723b3365c15c3f7089501da8daa892
---
 res/ari/resource_events.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/res/ari/resource_events.c b/res/ari/resource_events.c
index 4be5d02231..992c562a71 100644
--- a/res/ari/resource_events.c
+++ b/res/ari/resource_events.c
@@ -108,7 +108,9 @@ static void stasis_app_message_handler(
 		        msg_application);
 	} else if (!session->ws_session) {
 		/* If the websocket is NULL, the message goes to the queue */
-		AST_VECTOR_APPEND(&session->message_queue, message);
+		if (!AST_VECTOR_APPEND(&session->message_queue, message)) {
+			ast_json_ref(message);
+		}
 		ast_log(LOG_WARNING,
 				"Queued '%s' message for Stasis app '%s'; websocket is not ready\n",
 				msg_type,
-- 
GitLab