avoid parsing whitespace as invalid JSON #3208
Conversation
|
CLA signed |
| @@ -1347,6 +1347,9 @@ static int janus_websockets_common_callback( | |||
| incoming_curr += error.position; | |||
| JANUS_LOG(LOG_HUGE, "[%s-%p] Parsed JSON message - consumed %zu/%zu bytes\n", | |||
| log_prefix, wsi, (size_t)(incoming_curr - ws_client->incoming), incoming_length); | |||
| /* Trailing whitespace after the last message results in invalid JSON error */ | |||
| while isspace(*incoming_curr) | |||
| incoming_curr++; | |||
There was a problem hiding this comment.
This sounds like a dangerous check to me, though, since it's increasing the pointer and dereferencing it without ever checking if it got to the end and beyond (i.e., after incoming_end). This will crash if incoming_curr leaves the boundaries of the allocated space.
There was a problem hiding this comment.
I considered this for a moment, but couldn't see how this could overflow. Still, I agree that it's better to be safe than sorry, so I pushed an update. Thanks for the feedback!
There was a problem hiding this comment.
Thanks! I'll make a couple of quick ckecks later (or tomorrow morning) and in case I can't spot any issue, I'll merge both PRs (thanks for providing a backported version too) 👍
htrendev
force-pushed
the
whitespace-is-not-json
branch
from
a55f6b3
to
41e3b89
Compare
|
Apologies for the late feedback: just tested this and it seems to be working as expected 👌 |
A single WebSocket message may contain multiple requests. The code parses one request, then continues looking for more requests in the same WebSocket message. This works fine as long as the last request has no trailing whitespace. However, if there is any trailing whitespace after the last request an attempt to parse it as JSON results in an error.
This PR simply skips any trailing whitespace after each request