Do not leak key in kore_websocket_handshake on error. - kore - Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.

commit 58864005e0e78114b5f6b826523294017431c623
parent b869041a142e1e1a1b590cebe3bab4a7ac4ad339
Author: Joris Vink <joris@coders.se>
Date:   Fri, 24 Apr 2015 09:22:32 +0200

Do not leak key in kore_websocket_handshake on error.

Diffstat:
src/websocket.c  | 2 ++

1 file changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/websocket.c b/src/websocket.c
@@ -64,12 +64,14 @@ kore_websocket_handshake(struct http_request *req, struct kore_wscbs *wscbs)
 	}
 
 	if (!http_request_header(req, "sec-websocket-version", &version)) {
+		kore_mem_free(key);
 		http_response_header(req, "sec-websocket-version", "13");
 		http_response(req, HTTP_STATUS_BAD_REQUEST, NULL, 0);
 		return;
 	}
 
 	if (strcmp(version, "13")) {
+		kore_mem_free(key);
 		kore_mem_free(version);
 		http_response_header(req, "sec-websocket-version", "13");
 		http_response(req, HTTP_STATUS_BAD_REQUEST, NULL, 0);

	kore Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.
	Commits \| Files \| Refs \| README \| LICENSE \| git clone https://git.kore.io/kore.git