#commit 1f1375a2a615337d3fd1da2aad7a080243cbdcb7
#Author: Eric Covener <covener@apache.org>
#Date:   Wed Mar 4 19:18:27 2015 +0000
#
#    Merge r1657261 from trunk:
#    
#      *) SECURITY: CVE-2015-0228 (cve.mitre.org)
#         mod_lua: A maliciously crafted websockets PING after a script
#         calls r:wsupgrade() can cause a child process crash.
#         [Edward Lu <Chaosed0 gmail.com>]
#    
#    Discovered by Guido Vranken <guidovranken gmail.com>
#    
#    Submitted by: Edward Lu
#    Committed by: covener
#    
#    
#    
#    
#    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1664118 13f79535-47bb-0310-9956-ffa450edef68
#
--- apache2.orig/modules/lua/lua_request.c
+++ apache2/modules/lua/lua_request.c
@@ -2229,6 +2229,7 @@ static int lua_websocket_read(lua_State
 {
     apr_socket_t *sock;
     apr_status_t rv;
+    int do_read = 1;
     int n = 0;
     apr_size_t len = 1;
     apr_size_t plen = 0;
@@ -2246,6 +2247,8 @@ static int lua_websocket_read(lua_State
     mask_bytes = apr_pcalloc(r->pool, 4);
     sock = ap_get_conn_socket(r->connection);
 
+    while (do_read) { 
+    do_read = 0;
     /* Get opcode and FIN bit */
     if (plaintext) {
         rv = apr_socket_recv(sock, &byte, &len);
@@ -2372,10 +2375,11 @@ static int lua_websocket_read(lua_State
                 frame[0] = 0x8A;
                 frame[1] = 0;
                 apr_socket_send(sock, frame, &plen); /* Pong! */
-                lua_websocket_read(L); /* read the next frame instead */
+                do_read = 1;
             }
         }
     }
+    }
     return 0;
 }