github
/
mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix leak on crafted MQTT v5 CONNECT.

Browse Source 
If a MQTT v5 client connects with a crafted CONNECT packet a memory leak
will occur.

Thanks to Kathrin Kleinhammer.
release/1.6
Roger A. Light 4 years ago
parent 9f0b9aecd4
commit 1d18b3e3c7
5 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File

8
ChangeLog.txt
Unescape Escape View File

@ -1,3 +1,11 @@
1.6.15 - 2021-06-08
===================
Security:
- If a MQTT v5 client connects with a crafted CONNECT packet a memory leak
will occur. This has been fixed.
1.6.14 - 2021-02-04 1.6.14 - 2021-02-04
=================== ===================

2
src/handle_connect.c
Unescape Escape View File

@ -882,11 +882,13 @@ handle_connect_error:
mosquitto__free(will_struct->msg.topic); mosquitto__free(will_struct->msg.topic);
mosquitto__free(will_struct); mosquitto__free(will_struct);
} }
context->will = NULL;
#ifdef WITH_TLS #ifdef WITH_TLS
if(client_cert) X509_free(client_cert); if(client_cert) X509_free(client_cert);
#endif #endif
/* We return an error here which means the client is freed later on. */ /* We return an error here which means the client is freed later on. */
context->clean_start = true; context->clean_start = true;
context->session_expiry_interval = 0; context->session_expiry_interval = 0;
context->will_delay_interval = 0;
return rc; return rc;
} }

32
test/broker/07-will-delay-invalid-573191.py
Unescape Escape View File

@ -0,0 +1,32 @@
#!/usr/bin/env python3
# Test for https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191
# Check under valgrind/asan for leaks.
from mosq_test_helper import *
def do_test():
rc = 1
keepalive = 60
mid = 1
props = mqtt5_props.gen_uint32_prop(mqtt5_props.PROP_WILL_DELAY_INTERVAL, 3)
connect_packet = mosq_test.gen_connect("will-573191-test", keepalive=keepalive, proto_ver=5, will_topic="", will_properties=props)
connack_packet = b""
port = mosq_test.get_port()
broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port)
try:
sock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=30, port=port)
sock.close()
rc = 0
finally:
broker.terminate()
broker.wait()
(stdo, stde) = broker.communicate()
if rc:
print(stde.decode('utf-8'))
exit(rc)
do_test()

1
test/broker/Makefile
Unescape Escape View File

@ -140,6 +140,7 @@ endif
./06-bridge-reconnect-local-out.py ./06-bridge-reconnect-local-out.py
07 : 07 :
./07-will-delay-invalid-573191.py
./07-will-delay-reconnect.py ./07-will-delay-reconnect.py
./07-will-delay-recover.py ./07-will-delay-recover.py
./07-will-delay-session-expiry.py ./07-will-delay-session-expiry.py

1
test/broker/test.py
Unescape Escape View File

@ -114,6 +114,7 @@ tests = [
(3, './06-bridge-per-listener-settings.py'), (3, './06-bridge-per-listener-settings.py'),
(2, './06-bridge-reconnect-local-out.py'), (2, './06-bridge-reconnect-local-out.py'),
(1, './07-will-delay-invalid-573191.py'),
(1, './07-will-delay-reconnect.py'), (1, './07-will-delay-reconnect.py'),
(1, './07-will-delay-recover.py'), (1, './07-will-delay-recover.py'),
(1, './07-will-delay-session-expiry.py'), (1, './07-will-delay-session-expiry.py'),

Write Preview
Loading…
Cancel
Save