From b02bdd566a6552fd942afb89ecf89e39283d64ad Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Sun, 16 Aug 2020 22:33:40 +0100
Subject: [PATCH] Problem: ws_engine leaks memory if Sec-WebSocket-Protocol
 header passed multiple times

Solution: ensure it's passed only once
---
 src/ws_engine.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/ws_engine.cpp b/src/ws_engine.cpp
index d1c8333d..07e4d1d7 100644
--- a/src/ws_engine.cpp
+++ b/src/ws_engine.cpp
@@ -865,6 +865,10 @@ bool zmq::ws_engine_t::client_handshake ()
                         strcpy_s (_websocket_accept, _header_value);
                     else if (strcasecmp ("Sec-WebSocket-Protocol", _header_name)
                              == 0) {
+                        if (_mechanism) {
+                            _client_handshake_state = client_handshake_error;
+                            break;
+                        }
                         if (select_protocol (_header_value))
                             strcpy_s (_websocket_protocol, _header_value);
                     }