kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 58864005e0e78114b5f6b826523294017431c623
parent b869041a142e1e1a1b590cebe3bab4a7ac4ad339
Author: Joris Vink <joris@coders.se>
Date:   Fri, 24 Apr 2015 09:22:32 +0200

Do not leak key in kore_websocket_handshake on error.

Diffstat:
src/websocket.c | 2++
1 file changed, 2 insertions(+), 0 deletions(-)

diff --git a/src/websocket.c b/src/websocket.c @@ -64,12 +64,14 @@ kore_websocket_handshake(struct http_request *req, struct kore_wscbs *wscbs) } if (!http_request_header(req, "sec-websocket-version", &version)) { + kore_mem_free(key); http_response_header(req, "sec-websocket-version", "13"); http_response(req, HTTP_STATUS_BAD_REQUEST, NULL, 0); return; } if (strcmp(version, "13")) { + kore_mem_free(key); kore_mem_free(version); http_response_header(req, "sec-websocket-version", "13"); http_response(req, HTTP_STATUS_BAD_REQUEST, NULL, 0);