res_http_websocket: Avoid reading past end of string
We read beyond the end of the buffer when copying the string out of the buffer when we used ast_copy_string() because the original string was not null terminated. Instead switch to ast_strndup() which does not exhibit the same behavior. ASTERISK-28975 #close Change-Id: Ib4a75cffeb1eb8cf01136ef30306bd623e531a2a
This commit is contained in:
parent
21f2044d38
commit
373e97ea4e
|
@ -1473,11 +1473,10 @@ int AST_OPTIONAL_API_NAME(ast_websocket_read_string)
|
|||
}
|
||||
}
|
||||
|
||||
if (!(*buf = ast_malloc(payload_len + 1))) {
|
||||
if (!(*buf = ast_strndup(payload, payload_len))) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
ast_copy_string(*buf, payload, payload_len + 1);
|
||||
return payload_len + 1;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue