Review Board 1.7.16


Websocket: Add locking around session access and modification

Review Request #3481 - Created April 25, 2014 and submitted

opticron
branches/11
ASTERISK-23605
Reviewers
asterisk-dev
Asterisk
This resolves a race condition where data could be written to a NULL FILE pointer causing a crash as a websocket connection was in the process of shutting down by adding locking to accesses and modifications of the websocket session struct.

 

Changes between revision 2 and 3

1 2 3 4
1 2 3 4

  1. branches/11/res/res_http_websocket.c: Loading...
branches/11/res/res_http_websocket.c
Diff Revision 2 Diff Revision 3
[20] 501 lines
[+20] [+] int AST_OPTIONAL_API_NAME(ast_websocket_read)(struct ast_websocket *session, char **payload, uint64_t *payload_len, enum ast_websocket_opcode *opcode, int *fragmented)
502
			*payload = session->payload;
502
			*payload = session->payload;
503
			frame_size += (*payload_len);
503
			frame_size += (*payload_len);
504
		}
504
		}
505

    
   
505

   
506
		session->closing = 1;
506
		session->closing = 1;
507
		ast_verb(2, "WebSocket connection from '%s' closed\n", ast_sockaddr_stringify(&session->address));

   
508
	} else {
507
	} else {
509
		ast_log(LOG_WARNING, "WebSocket unknown opcode %d\n", *opcode);
508
		ast_log(LOG_WARNING, "WebSocket unknown opcode %d\n", *opcode);
510
		/* We received an opcode that we don't understand, the RFC states that 1003 is for a type of data that can't be accepted... opcodes
509
		/* We received an opcode that we don't understand, the RFC states that 1003 is for a type of data that can't be accepted... opcodes
511
		 * fit that, I think. */
510
		 * fit that, I think. */
512
		ast_websocket_close(session, 1003);
511
		ast_websocket_close(session, 1003);
[+20] [20] 235 lines
  1. branches/11/res/res_http_websocket.c: Loading...

https://reviewboard.asterisk.org/ runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to asteriskteam@digium.com.