Limit bridge restart base and cap to prevent integer overflow.

Non-critical. Closes oss-fuzz #56302.
3 years ago · 385ddd7d86
parent 77b5dfb770
commit 385ddd7d86
3 changed files with 10 additions and 1 deletions
--- a/man/mosquitto.conf.5.xml
+++ b/man/mosquitto.conf.5.xml
@ -2151,7 +2151,9 @@ openssl dhparam -out dhparam.pem 2048</programlisting>
 						<replaceable>base</replaceable> after a successful connection.
 						When <replaceable>stable</replaceable> is specified, the backoff time
 						will be reset only if the connection remains open for at least
-						<replaceable>stable</replaceable> seconds.</para>
+						<replaceable>stable</replaceable> seconds. Base has a minimum of 1 second
+						and a maximum of 3600 seconds. Cap has a minimum of base, and a maximum of
+						7200 seconds.</para>
 					<para>Set a constant timeout of 20 seconds:</para>
 						<programlisting language="config">
 restart_timeout 20</programlisting>
--- a/mosquitto.conf
+++ b/mosquitto.conf
@ -873,6 +873,7 @@
 # This option can be configured to use a constant delay time in seconds, or to
 # use a backoff mechanism based on "Decorrelated Jitter", which adds a degree
 # of randomness to when the restart occurs.
+# Minimum of 1, maximum of 3600
 #
 # Set a constant timeout of 20 seconds:
 # restart_timeout 20
--- a/src/conf.c
+++ b/src/conf.c
@ -2176,6 +2176,9 @@ static int config__read_file_core(struct mosquitto__config *config, bool reload,
 					if(cur_bridge->restart_timeout < 1){
 						log__printf(NULL, MOSQ_LOG_NOTICE, "restart_timeout interval too low, using 1 second.");
 						cur_bridge->restart_timeout = 1;
+					}else if(cur_bridge->restart_timeout > 3600){
+						log__printf(NULL, MOSQ_LOG_NOTICE, "restart_timeout interval too high, using 3600 seconds.");
+						cur_bridge->restart_timeout = 3600;
 					}
 					token = strtok_r(NULL, " ", &saveptr);
 					if(token){
@ -2184,6 +2187,9 @@ static int config__read_file_core(struct mosquitto__config *config, bool reload,
 						if(cur_bridge->backoff_cap < cur_bridge->backoff_base){
 							log__printf(NULL, MOSQ_LOG_ERR, "Error: backoff cap is lower than the base in restart_timeout.");
 							return MOSQ_ERR_INVAL;
+						}else if(cur_bridge->backoff_cap > 7200){
+							log__printf(NULL, MOSQ_LOG_ERR, "Error: backoff cap too high, using 7200 seconds.");
+							cur_bridge->backoff_cap = 7200;
 						}

 						token = strtok_r(NULL, " ", &saveptr);