From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 21 Sep 2025 08:18:13 +0000 (+0200)
Subject: ws: reject curl_ws_recv called with NULL buffer with a buflen
X-Git-Tag: rc-8_17_0-2~408
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d57e7cf20d805032740a8b173ea53ea0da1cce62;p=thirdparty%2Fcurl.git

ws: reject curl_ws_recv called with NULL buffer with a buflen

Arguably this is just a bad application.

Reported in Joshua's sarif data

Closes #18656
---

diff --git a/lib/ws.c b/lib/ws.c
index c840961d10..b6ab28a35a 100644
--- a/lib/ws.c
+++ b/lib/ws.c
@@ -1502,7 +1502,7 @@ CURLcode curl_ws_recv(CURL *d, void *buffer,
 
   *nread = 0;
   *metap = NULL;
-  if(!GOOD_EASY_HANDLE(data))
+  if(!GOOD_EASY_HANDLE(data) || (buflen && !buffer))
     return CURLE_BAD_FUNCTION_ARGUMENT;
 
   conn = data->conn;