From 4d1b587e29bf0476b78305a26932f09949522a75 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 16 Aug 2022 12:53:01 +0100 Subject: [PATCH] dynsec: Forbid deleting the anon group. --- ChangeLog.txt | 10 +++++++++- plugins/dynamic-security/groups.c | 5 +++++ test/broker/14-dynsec-anon-group.py | 12 ++++++++++++ 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index f5fccfe8..26998f6d 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,14 @@ -2.0.15 - 2022-xx-xx +2.0.15 - 2022-08-16 =================== +Security: +- Deleting the group configured as the anonymous group in the Dynamic Security + plugin, would leave a dangling pointer that could lead to a single crash. + This is considered a minor issue - only administrative users should have + access to dynsec, the impact on availability is one-off, and there is no + associated loss of data. It is now forbidden to delete the group configured + as the anonymous group. + Broker: - Fix memory leak when a plugin modifies the topic of a message in MOSQ_EVT_MESSAGE. diff --git a/plugins/dynamic-security/groups.c b/plugins/dynamic-security/groups.c index b2a2f485..f26a2ba5 100644 --- a/plugins/dynamic-security/groups.c +++ b/plugins/dynamic-security/groups.c @@ -466,6 +466,11 @@ int dynsec_groups__process_delete(cJSON *j_responses, struct mosquitto *context, group = dynsec_groups__find(groupname); if(group){ + if(group == dynsec_anonymous_group){ + dynsec__command_reply(j_responses, context, "deleteGroup", "Deleting the anonymous group is forbidden", correlation_data); + return MOSQ_ERR_INVAL; + } + /* Enforce any changes */ group__kick_all(group); diff --git a/test/broker/14-dynsec-anon-group.py b/test/broker/14-dynsec-anon-group.py index 259188de..95ea3590 100755 --- a/test/broker/14-dynsec-anon-group.py +++ b/test/broker/14-dynsec-anon-group.py @@ -71,6 +71,15 @@ create_role_apply_response = {'responses': [ ]} +delete_anon_group_command = { "commands": [ + { "command": "deleteGroup", "groupname": "anon-clients", "correlationData": "40" } + ] +} +delete_anon_group_response = {'responses': [ + {'command': 'deleteGroup', "error":'Deleting the anonymous group is forbidden', 'correlationData': '40'} + ]} + + rc = 1 keepalive = 10 @@ -136,6 +145,9 @@ try: csock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=5, port=port) mosq_test.do_send_receive(csock, subscribe_packet, suback_packet_success, "suback 3") + # Try to delete anon group, this should fail + command_check(sock, delete_anon_group_command, delete_anon_group_response) + rc = 0 sock.close()