diff --git a/client/client_props.c b/client/client_props.c index 4d187425..efe25ccc 100644 --- a/client/client_props.c +++ b/client/client_props.c @@ -65,6 +65,8 @@ int cfg_parse_property(struct mosq_config *cfg, int argc, char *argv[], int *idx int cmd, identifier, type; mosquitto_property **proplist; int rc; + long tmpl; + size_t szt; /* idx now points to "command" */ if((*idx)+2 > argc-1){ @@ -161,19 +163,44 @@ int cfg_parse_property(struct mosq_config *cfg, int argc, char *argv[], int *idx switch(type){ case MQTT_PROP_TYPE_BYTE: - rc = mosquitto_property_add_byte(proplist, identifier, atoi(value)); + tmpl = atol(value); + if(tmpl < 0 || tmpl > UINT8_MAX){ + fprintf(stderr, "Error: Property value (%ld) out of range for property %s.\n\n", tmpl, propname); + return MOSQ_ERR_INVAL; + } + rc = mosquitto_property_add_byte(proplist, identifier, (uint8_t )tmpl); break; case MQTT_PROP_TYPE_INT16: - rc = mosquitto_property_add_int16(proplist, identifier, atoi(value)); + tmpl = atol(value); + if(tmpl < 0 || tmpl > UINT16_MAX){ + fprintf(stderr, "Error: Property value (%ld) out of range for property %s.\n\n", tmpl, propname); + return MOSQ_ERR_INVAL; + } + rc = mosquitto_property_add_int16(proplist, identifier, (uint16_t )tmpl); break; case MQTT_PROP_TYPE_INT32: - rc = mosquitto_property_add_int32(proplist, identifier, atoi(value)); + tmpl = atol(value); + if(tmpl < 0 || tmpl > UINT32_MAX){ + fprintf(stderr, "Error: Property value (%ld) out of range for property %s.\n\n", tmpl, propname); + return MOSQ_ERR_INVAL; + } + rc = mosquitto_property_add_int32(proplist, identifier, (uint32_t )tmpl); break; case MQTT_PROP_TYPE_VARINT: - rc = mosquitto_property_add_varint(proplist, identifier, atoi(value)); + tmpl = atol(value); + if(tmpl < 0 || tmpl > UINT32_MAX){ + fprintf(stderr, "Error: Property value (%ld) out of range for property %s.\n\n", tmpl, propname); + return MOSQ_ERR_INVAL; + } + rc = mosquitto_property_add_varint(proplist, identifier, (uint32_t )tmpl); break; case MQTT_PROP_TYPE_BINARY: - rc = mosquitto_property_add_binary(proplist, identifier, value, strlen(value)); + szt = strlen(value); + if(szt > UINT16_MAX){ + fprintf(stderr, "Error: Property value too long for property %s.\n\n", propname); + return MOSQ_ERR_INVAL; + } + rc = mosquitto_property_add_binary(proplist, identifier, value, (uint16_t )szt); break; case MQTT_PROP_TYPE_STRING: rc = mosquitto_property_add_string(proplist, identifier, value); diff --git a/client/client_shared.c b/client/client_shared.c index 8239b40b..0f24ce5e 100644 --- a/client/client_shared.c +++ b/client/client_shared.c @@ -45,7 +45,7 @@ static int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int static int check_format(const char *str) { int i; - int len; + size_t len; len = strlen(str); for(i=0; iconnect_props, MQTT_PROP_SESSION_EXPIRY_INTERVAL, cfg->session_expiry_interval); + rc = mosquitto_property_add_int32(&cfg->connect_props, MQTT_PROP_SESSION_EXPIRY_INTERVAL, (uint32_t )cfg->session_expiry_interval); if(rc){ fprintf(stderr, "Error adding property session-expiry-interval\n"); } @@ -425,7 +425,7 @@ int client_config_load(struct mosq_config *cfg, int pub_or_sub, int argc, char * int cfg_add_topic(struct mosq_config *cfg, int type, char *topic, const char *arg) { - if(mosquitto_validate_utf8(topic, strlen(topic))){ + if(mosquitto_validate_utf8(topic, (int )strlen(topic))){ fprintf(stderr, "Error: Malformed UTF-8 in %s argument.\n\n", arg); return 1; } @@ -447,7 +447,7 @@ int cfg_add_topic(struct mosq_config *cfg, int type, char *topic, const char *ar return 1; } cfg->topic_count++; - cfg->topics = realloc(cfg->topics, cfg->topic_count*sizeof(char *)); + cfg->topics = realloc(cfg->topics, (size_t )cfg->topic_count*sizeof(char *)); if(!cfg->topics){ err_printf(cfg, "Error: Out of memory.\n"); return 1; @@ -461,7 +461,9 @@ int cfg_add_topic(struct mosq_config *cfg, int type, char *topic, const char *ar int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, char *argv[]) { int i; + int tmpi; float f; + size_t szt; for(i=1; imessage = strdup(argv[i+1]); - cfg->msglen = strlen(cfg->message); + if(cfg->message == NULL){ + fprintf(stderr, "Error: Out of memory.\n\n"); + return 1; + } + szt = strlen(cfg->message); + if(szt > MQTT_MAX_PAYLOAD){ + fprintf(stderr, "Error: Message length must be less than %u bytes.\n\n", MQTT_MAX_PAYLOAD); + return 1; + } + cfg->msglen = (int )szt; cfg->pub_mode = MSGMODE_CMD; } i++; @@ -737,7 +748,12 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c fprintf(stderr, "Error: -M argument given but max_inflight not specified.\n\n"); return 1; }else{ - cfg->max_inflight = atoi(argv[i+1]); + tmpi = atoi(argv[i+1]); + if(tmpi < 1){ + fprintf(stderr, "Error: Maximum inflight messages must be greater than 0.\n\n"); + return 1; + } + cfg->max_inflight = (unsigned int )tmpi; } i++; }else if(!strcmp(argv[i], "-n") || !strcmp(argv[i], "--null-message")){ @@ -858,13 +874,13 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c fprintf(stderr, "Error: --repeat-delay argument given but no time specified.\n\n"); return 1; }else{ - f = atof(argv[i+1]); + f = (float )atof(argv[i+1]); if(f < 0.0f){ fprintf(stderr, "Error: --repeat-delay argument must be >=0.0.\n\n"); return 1; } - f *= 1.0e6; - cfg->repeat_delay.tv_sec = (int)f/1e6; + f *= 1.0e6f; + cfg->repeat_delay.tv_sec = (int)f/1000000; cfg->repeat_delay.tv_usec = (int)f%1000000; } i++; @@ -909,7 +925,7 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c fprintf(stderr, "Error: -T argument given but no topic filter specified.\n\n"); return 1; }else{ - if(mosquitto_validate_utf8(argv[i+1], strlen(argv[i+1]))){ + if(mosquitto_validate_utf8(argv[i+1], (int )strlen(argv[i+1]))){ fprintf(stderr, "Error: Malformed UTF-8 in -T argument.\n\n"); return 1; } @@ -918,7 +934,7 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c return 1; } cfg->filter_out_count++; - cfg->filter_outs = realloc(cfg->filter_outs, cfg->filter_out_count*sizeof(char *)); + cfg->filter_outs = realloc(cfg->filter_outs, (size_t )cfg->filter_out_count*sizeof(char *)); if(!cfg->filter_outs){ fprintf(stderr, "Error: Out of memory.\n"); return 1; @@ -968,7 +984,7 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c fprintf(stderr, "Error: -U argument given but no unsubscribe topic specified.\n\n"); return 1; }else{ - if(mosquitto_validate_utf8(argv[i+1], strlen(argv[i+1]))){ + if(mosquitto_validate_utf8(argv[i+1], (int )strlen(argv[i+1]))){ fprintf(stderr, "Error: Malformed UTF-8 in -U argument.\n\n"); return 1; } @@ -977,7 +993,7 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c return 1; } cfg->unsub_topic_count++; - cfg->unsub_topics = realloc(cfg->unsub_topics, cfg->unsub_topic_count*sizeof(char *)); + cfg->unsub_topics = realloc(cfg->unsub_topics, (size_t )cfg->unsub_topic_count*sizeof(char *)); if(!cfg->unsub_topics){ fprintf(stderr, "Error: Out of memory.\n"); return 1; @@ -1023,11 +1039,12 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c fprintf(stderr, "Error: -W argument given but no timeout specified.\n\n"); return 1; }else{ - cfg->timeout = atoi(argv[i+1]); - if(cfg->timeout < 1){ - fprintf(stderr, "Error: Invalid timeout \"%d\".\n\n", cfg->msg_count); + tmpi = atoi(argv[i+1]); + if(tmpi < 1){ + fprintf(stderr, "Error: Invalid timeout \"%d\".\n\n", tmpi); return 1; } + cfg->timeout = (unsigned int )tmpi; } i++; } @@ -1037,7 +1054,7 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c return 1; }else{ cfg->will_payload = strdup(argv[i+1]); - cfg->will_payloadlen = strlen(cfg->will_payload); + cfg->will_payloadlen = (int )strlen(cfg->will_payload); } i++; }else if(!strcmp(argv[i], "--will-qos")){ @@ -1059,7 +1076,7 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c fprintf(stderr, "Error: --will-topic argument given but no will topic specified.\n\n"); return 1; }else{ - if(mosquitto_validate_utf8(argv[i+1], strlen(argv[i+1]))){ + if(mosquitto_validate_utf8(argv[i+1], (int )strlen(argv[i+1]))){ fprintf(stderr, "Error: Malformed UTF-8 in --will-topic argument.\n\n"); return 1; } @@ -1241,7 +1258,7 @@ int client_connect(struct mosquitto *mosq, struct mosq_config *cfg) static int mosquitto__urldecode(char *str) { int i, j; - int len; + size_t len; if(!str) return 0; if(!strchr(str, '%')) return 0; diff --git a/client/client_shared.h b/client/client_shared.h index 772a053d..ed917107 100644 --- a/client/client_shared.h +++ b/client/client_shared.h @@ -50,7 +50,7 @@ struct mosq_config { int pub_mode; /* pub, rr */ char *file_input; /* pub, rr */ char *message; /* pub, rr */ - long msglen; /* pub, rr */ + int msglen; /* pub, rr */ char *topic; /* pub, rr */ char *bind_address; int repeat_count; /* pub */ @@ -65,7 +65,7 @@ struct mosq_config { char *password; char *will_topic; char *will_payload; - long will_payloadlen; + int will_payloadlen; int will_qos; bool will_retain; #ifdef WITH_TLS @@ -100,7 +100,7 @@ struct mosq_config { bool eol; /* sub */ int msg_count; /* sub */ char *format; /* sub */ - int timeout; /* sub */ + unsigned int timeout; /* sub */ int sub_opts; /* sub */ long session_expiry_interval; #ifdef WITH_SOCKS diff --git a/client/pub_client.c b/client/pub_client.c index cb8f54c7..ef0bf16e 100644 --- a/client/pub_client.c +++ b/client/pub_client.c @@ -76,7 +76,7 @@ static void set_repeat_time(void) next_publish_tv.tv_sec += cfg.repeat_delay.tv_sec; next_publish_tv.tv_usec += cfg.repeat_delay.tv_usec; - next_publish_tv.tv_sec += next_publish_tv.tv_usec/1e6; + next_publish_tv.tv_sec += next_publish_tv.tv_usec/1000000; next_publish_tv.tv_usec = next_publish_tv.tv_usec%1000000; } @@ -211,7 +211,7 @@ void my_publish_callback(struct mosquitto *mosq, void *obj, int mid, int reason_ int pub_shared_init(void) { - line_buf = malloc(line_buf_len); + line_buf = malloc((size_t )line_buf_len); if(!line_buf){ err_printf(&cfg, "Error: Out of memory.\n"); return 1; @@ -236,7 +236,7 @@ int pub_stdin_line_loop(struct mosquitto *mosq) pos = 0; read_len = line_buf_len; while(status == STATUS_CONNACK_RECVD && fgets(&line_buf[pos], read_len, stdin)){ - buf_len_actual = strlen(line_buf); + buf_len_actual = (int )strlen(line_buf); if(line_buf[buf_len_actual-1] == '\n'){ line_buf[buf_len_actual-1] = '\0'; rc = my_publish(mosq, &mid_sent, cfg.topic, buf_len_actual-1, line_buf, cfg.qos, cfg.retain); @@ -250,7 +250,7 @@ int pub_stdin_line_loop(struct mosquitto *mosq) line_buf_len += 1024; pos += 1023; read_len = 1024; - buf2 = realloc(line_buf, line_buf_len); + buf2 = realloc(line_buf, (size_t )line_buf_len); if(!buf2){ err_printf(&cfg, "Error: Out of memory.\n"); return MOSQ_ERR_NOMEM; @@ -313,7 +313,7 @@ int pub_other_loop(struct mosquitto *mosq) int loop_delay = 1000; if(cfg.repeat_count > 1 && (cfg.repeat_delay.tv_sec == 0 || cfg.repeat_delay.tv_usec != 0)){ - loop_delay = cfg.repeat_delay.tv_usec / 2000; + loop_delay = (int )cfg.repeat_delay.tv_usec / 2000; } do{ diff --git a/client/pub_shared.c b/client/pub_shared.c index 81996a4f..ae4cb277 100644 --- a/client/pub_shared.c +++ b/client/pub_shared.c @@ -50,7 +50,7 @@ void my_log_callback(struct mosquitto *mosq, void *obj, int level, const char *s int load_stdin(void) { - long pos = 0, rlen; + size_t pos = 0, rlen; char buf[1024]; char *aux_message = NULL; @@ -70,7 +70,12 @@ int load_stdin(void) memcpy(&(cfg.message[pos]), buf, rlen); pos += rlen; } - cfg.msglen = pos; + if(pos > MQTT_MAX_PAYLOAD){ + err_printf(&cfg, "Error: Message length must be less that %u bytes.\n\n", MQTT_MAX_PAYLOAD); + free(cfg.message); + return 1; + } + cfg.msglen = (int )pos; if(!cfg.msglen){ err_printf(&cfg, "Error: Zero length input.\n"); @@ -82,8 +87,9 @@ int load_stdin(void) int load_file(const char *filename) { - long pos, rlen; + size_t pos, rlen; FILE *fptr = NULL; + long flen; fptr = fopen(filename, "rb"); if(!fptr){ @@ -92,22 +98,28 @@ int load_file(const char *filename) } cfg.pub_mode = MSGMODE_FILE; fseek(fptr, 0, SEEK_END); - cfg.msglen = ftell(fptr); - if(cfg.msglen > 268435455){ + flen = ftell(fptr); + if(flen > MQTT_MAX_PAYLOAD){ + err_printf(&cfg, "Error: Message length must be less that %u bytes.\n\n", MQTT_MAX_PAYLOAD); + free(cfg.message); + return 1; + } + if(flen > 268435455){ fclose(fptr); err_printf(&cfg, "Error: File \"%s\" is too large (>268,435,455 bytes).\n", filename); return 1; - }else if(cfg.msglen == 0){ + }else if(flen == 0){ fclose(fptr); err_printf(&cfg, "Error: File \"%s\" is empty.\n", filename); return 1; - }else if(cfg.msglen < 0){ + }else if(flen < 0){ fclose(fptr); err_printf(&cfg, "Error: Unable to determine size of file \"%s\".\n", filename); return 1; } + cfg.msglen = (int )flen; fseek(fptr, 0, SEEK_SET); - cfg.message = malloc(cfg.msglen); + cfg.message = malloc((size_t )cfg.msglen); if(!cfg.message){ fclose(fptr); err_printf(&cfg, "Error: Out of memory.\n"); @@ -115,7 +127,7 @@ int load_file(const char *filename) } pos = 0; while(pos < cfg.msglen){ - rlen = fread(&(cfg.message[pos]), sizeof(char), cfg.msglen-pos, fptr); + rlen = fread(&(cfg.message[pos]), sizeof(char), (size_t )cfg.msglen-pos, fptr); pos += rlen; } fclose(fptr); diff --git a/client/sub_client_output.c b/client/sub_client_output.c index 5b639e95..6d9d82d7 100644 --- a/client/sub_client_output.c +++ b/client/sub_client_output.c @@ -83,7 +83,7 @@ static void write_payload(const unsigned char *payload, int payloadlen, int hex) int i; if(hex == 0){ - (void)fwrite(payload, 1, payloadlen, stdout); + (void)fwrite(payload, 1, (size_t )payloadlen, stdout); }else if(hex == 1){ for(i=0; i