From 8b18247af6d29e4b146c622f0a5a7f6866662360 Mon Sep 17 00:00:00 2001
From: Sean Bright <sean.bright@gmail.com>
Date: Sun, 18 Feb 2018 11:27:38 -0500
Subject: [PATCH] res_http_websocket: Don't leak memory on read failure

Change-Id: Ic449ea832bc81a1671c0e910c5fbe8c683e3da89
---
 res/res_http_websocket.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
index bcad1c39c7..81e4970a66 100644
--- a/res/res_http_websocket.c
+++ b/res/res_http_websocket.c
@@ -666,18 +666,27 @@ int AST_OPTIONAL_API_NAME(ast_websocket_read)(struct ast_websocket *session, cha
 			session->payload_len = 0;
 		}
 	} else if (*opcode == AST_WEBSOCKET_OPCODE_CLOSE) {
+		session->closing = 1;
+
 		/* Make the payload available so the user can look at the reason code if they so desire */
-		if ((*payload_len) && (new_payload = ast_realloc(session->payload, *payload_len))) {
-			if (ws_safe_read(session, &buf[frame_size], (*payload_len), opcode)) {
-				return -1;
-			}
-			session->payload = new_payload;
-			memcpy(session->payload, &buf[frame_size], *payload_len);
-			*payload = session->payload;
-			frame_size += (*payload_len);
+		if (!*payload_len) {
+			return 0;
 		}
 
-		session->closing = 1;
+		if (!(new_payload = ast_realloc(session->payload, *payload_len))) {
+			ast_log(LOG_WARNING, "Failed allocation: %p, %"PRIu64"\n",
+					session->payload, *payload_len);
+			*payload_len = 0;
+			return -1;
+		}
+
+		session->payload = new_payload;
+		if (ws_safe_read(session, &buf[frame_size], *payload_len, opcode)) {
+			return -1;
+		}
+		memcpy(session->payload, &buf[frame_size], *payload_len);
+		*payload = session->payload;
+		frame_size += *payload_len;
 	} else {
 		ast_log(LOG_WARNING, "WebSocket unknown opcode %u\n", *opcode);
 		/* We received an opcode that we don't understand, the RFC states that 1003 is for a type of data that can't be accepted... opcodes
-- 
GitLab