Skip to content
Snippets Groups Projects
Commit 7e0ebaa2 authored by David M. Lee's avatar David M. Lee
Browse files

Fix segfault for certain invalid WebSocket input. 

The WebSocket code would allocate, on the stack, a string large enough
to hold a key provided by the client, and the WEBSOCKET_GUID. If the key
is NULL, this causes a segfault. If the key is too large, it could
overflow the stack.

This patch checks the key for NULL and checks the length of the key to
avoid stack smashing nastiness.

(closes issue ASTERISK-21825)
Reported by: Alfred Farrugia
Tested by: Alfred Farrugia, David M. Lee
Patches:
    issueA21825_check_if_key_is_sent.patch uploaded by Walter Doekes (license 5674)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@391560 65c4cc65-6c06-0410-ace0-fbb531ad65f3
parent 56a4d03e
Branches
Tags
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment