From 2a50b2e9bd3695b2a021d170b6c60f4104f928de Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Mon, 10 Jul 2017 23:43:42 +0100
Subject: [PATCH 1/8] Fix regression from 1.4.13 where persistence data was not
 being saved.

---
 ChangeLog.txt   |  7 +++++++
 src/mosquitto.c | 16 ++++++++++------
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/ChangeLog.txt b/ChangeLog.txt
index e83010eb..becbb44a 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,10 @@
+1.4.14 - 20170710
+=================
+
+Broker:
+- Fix regression from 1.4.13 where persistence data was not being saved.
+
+
 1.4.13 - 20170627
 =================
 
diff --git a/src/mosquitto.c b/src/mosquitto.c
index 1fd1e7ff..b28150ce 100644
--- a/src/mosquitto.c
+++ b/src/mosquitto.c
@@ -398,6 +398,16 @@ int main(int argc, char *argv[])
 	}
 #endif
 
+	HASH_ITER(hh_id, int_db.contexts_by_id, ctxt, ctxt_tmp){
+		mqtt3_context_send_will(&int_db, ctxt);
+	}
+
+#ifdef WITH_PERSISTENCE
+	if(config.persistence){
+		mqtt3_db_backup(&int_db, true);
+	}
+#endif
+
 	HASH_ITER(hh_id, int_db.contexts_by_id, ctxt, ctxt_tmp){
 #ifdef WITH_WEBSOCKETS
 		if(!ctxt->wsi){
@@ -422,12 +432,6 @@ int main(int argc, char *argv[])
 #endif
 	mosquitto__free_disused_contexts(&int_db);
 
-#ifdef WITH_PERSISTENCE
-	if(config.persistence){
-		mqtt3_db_backup(&int_db, true);
-	}
-#endif
-
 	mqtt3_db_close(&int_db);
 
 	if(listensock){

From 1fa4d742783eb1452aee0332150e924c95dfb274 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Mon, 10 Jul 2017 23:44:16 +0100
Subject: [PATCH 2/8] Bump version number.

---
 CMakeLists.txt                 | 2 +-
 config.mk                      | 2 +-
 installer/mosquitto-cygwin.nsi | 2 +-
 installer/mosquitto.nsi        | 2 +-
 lib/mosquitto.h                | 2 +-
 set-version.sh                 | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5b9a1cb6..6d5d7201 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -11,7 +11,7 @@ project(mosquitto)
 cmake_minimum_required(VERSION 2.8)
 # Only for version 3 and up. cmake_policy(SET CMP0042 NEW)
 
-set (VERSION 1.4.13)
+set (VERSION 1.4.14)
 
 if (WIN32)
 	execute_process(COMMAND cmd /c echo %DATE% %TIME% OUTPUT_VARIABLE TIMESTAMP
diff --git a/config.mk b/config.mk
index f6ac9869..71f17e54 100644
--- a/config.mk
+++ b/config.mk
@@ -86,7 +86,7 @@ WITH_SOCKS:=yes
 
 # Also bump lib/mosquitto.h, CMakeLists.txt,
 # installer/mosquitto.nsi, installer/mosquitto-cygwin.nsi
-VERSION=1.4.13
+VERSION=1.4.14
 TIMESTAMP:=$(shell date "+%F %T%z")
 
 # Client library SO version. Bump if incompatible API/ABI changes are made.
diff --git a/installer/mosquitto-cygwin.nsi b/installer/mosquitto-cygwin.nsi
index 1115e07f..354cfcaa 100644
--- a/installer/mosquitto-cygwin.nsi
+++ b/installer/mosquitto-cygwin.nsi
@@ -7,7 +7,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
 
 Name "mosquitto"
-!define VERSION 1.4.13
+!define VERSION 1.4.14
 OutFile "mosquitto-${VERSION}-install-cygwin.exe"
 
 InstallDir "$PROGRAMFILES\mosquitto"
diff --git a/installer/mosquitto.nsi b/installer/mosquitto.nsi
index ff34be76..7bf3162b 100644
--- a/installer/mosquitto.nsi
+++ b/installer/mosquitto.nsi
@@ -9,7 +9,7 @@
 !define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
 
 Name "mosquitto"
-!define VERSION 1.4.13
+!define VERSION 1.4.14
 OutFile "mosquitto-${VERSION}-install-win32.exe"
 
 InstallDir "$PROGRAMFILES\mosquitto"
diff --git a/lib/mosquitto.h b/lib/mosquitto.h
index 02e4ff67..b7cc749f 100644
--- a/lib/mosquitto.h
+++ b/lib/mosquitto.h
@@ -45,7 +45,7 @@ extern "C" {
 
 #define LIBMOSQUITTO_MAJOR 1
 #define LIBMOSQUITTO_MINOR 4
-#define LIBMOSQUITTO_REVISION 13
+#define LIBMOSQUITTO_REVISION 14
 /* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */
 #define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION)
 
diff --git a/set-version.sh b/set-version.sh
index 5284d9b6..31a9a576 100755
--- a/set-version.sh
+++ b/set-version.sh
@@ -2,7 +2,7 @@
 
 MAJOR=1
 MINOR=4
-REVISION=13
+REVISION=14
 
 sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk
 

From d72ec39d79effae08011e13faf5870fa7e80fa54 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Mon, 10 Jul 2017 23:45:13 +0100
Subject: [PATCH 3/8] Don't clean man pages with 'clean' target.

---
 man/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/man/Makefile b/man/Makefile
index 502a78c6..635df3e9 100644
--- a/man/Makefile
+++ b/man/Makefile
@@ -5,6 +5,9 @@ include ../config.mk
 all :  mosquitto.8 mosquitto-tls.7 mosquitto.conf.5 mosquitto_passwd.1 mosquitto_pub.1 mosquitto_sub.1 mqtt.7 libmosquitto.3
 
 clean :
+
+reallyclean : clean
+	-rm -f *.orig
 	-rm -f libmosquitto.3
 	-rm -f mosquitto.8
 	-rm -f mosquitto.conf.5
@@ -14,9 +17,6 @@ clean :
 	-rm -f mosquitto-tls.7
 	-rm -f mqtt.7
 
-reallyclean : clean
-	-rm -f *.orig
-
 dist : mosquitto.8 mosquitto-tls.7 mosquitto.conf.5 mosquitto_passwd.1 mosquitto_pub.1 mosquitto_sub.1 mqtt.7 libmosquitto.3
 
 install :

From 366194cde40d0cdea31248c8dbd2fe6dd4f81e20 Mon Sep 17 00:00:00 2001
From: Fredrik Fornwall <fredrik@fornwall.net>
Date: Sun, 16 Jul 2017 17:11:04 +0200
Subject: [PATCH 4/8] Replace getdtablesize() with sysconf(_SC_OPEN_MAX)

From http://man7.org/linux/man-pages/man3/getdtablesize.3.html:

"It is not specified in POSIX.1; portable applications should employ
sysconf(_SC_OPEN_MAX) instead of this call."

Specifically this fixes a build failure on Android which does not
have getdtablesize().

Signed-off-by: Fredrik Fornwall <fredrik@fornwall.net>
---
 src/loop.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/loop.c b/src/loop.c
index 3d068181..bf4876bc 100644
--- a/src/loop.c
+++ b/src/loop.c
@@ -21,6 +21,7 @@ Contributors:
 #include <assert.h>
 #ifndef WIN32
 #include <poll.h>
+#include <unistd.h>
 #else
 #include <process.h>
 #include <winsock2.h>
@@ -126,7 +127,7 @@ int mosquitto_main_loop(struct mosquitto_db *db, mosq_sock_t *listensock, int li
 #ifdef WIN32
 	pollfd_max = _getmaxstdio();
 #else
-	pollfd_max = getdtablesize();
+	pollfd_max = sysconf(_SC_OPEN_MAX);
 #endif
 
 	pollfds = _mosquitto_malloc(sizeof(struct pollfd)*pollfd_max);

From 0ba0bc434eba0c7b0d30110707e5b462be28b464 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Wed, 5 Jul 2017 22:56:19 +0100
Subject: [PATCH 5/8] Use constant time memcmp for password checks.

---
 ChangeLog.txt          |  3 +++
 src/security_default.c | 22 +++++++++++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/ChangeLog.txt b/ChangeLog.txt
index e83010eb..b56a8660 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,6 @@
+Broker:
+- Use constant time memcmp for password comparisons.
+
 1.4.13 - 20170627
 =================
 
diff --git a/src/security_default.c b/src/security_default.c
index 43cd3f0c..c4085828 100644
--- a/src/security_default.c
+++ b/src/security_default.c
@@ -33,6 +33,9 @@ static int _pw_digest(const char *password, const unsigned char *salt, unsigned
 static int _base64_decode(char *in, unsigned char **decoded, unsigned int *decoded_len);
 #endif
 
+static int mosquitto__memcmp_const(const void *ptr1, const void *b, size_t len);
+
+
 int mosquitto_security_init_default(struct mosquitto_db *db, bool reload)
 {
 	int rc;
@@ -650,6 +653,23 @@ static int _psk_file_parse(struct mosquitto_db *db)
 	return MOSQ_ERR_SUCCESS;
 }
 
+
+static int mosquitto__memcmp_const(const void *a, const void *b, size_t len)
+{
+	int i;
+	int rc = 0;
+
+	if(!a || !b) return 1;
+
+	for(i=0; i<len; i++){
+		if( ((char *)a)[i] != ((char *)b)[i] ){
+			rc = 1;
+		}
+	}
+	return rc;
+}
+
+
 int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username, const char *password)
 {
 	struct _mosquitto_unpwd *u, *tmp;
@@ -670,7 +690,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username,
 #ifdef WITH_TLS
 					rc = _pw_digest(password, u->salt, u->salt_len, hash, &hash_len);
 					if(rc == MOSQ_ERR_SUCCESS){
-						if(hash_len == u->password_len && !memcmp(u->password, hash, hash_len)){
+						if(hash_len == u->password_len && !mosquitto__memcmp_const(u->password, hash, hash_len)){
 							return MOSQ_ERR_SUCCESS;
 						}else{
 							return MOSQ_ERR_AUTH;

From 5b73897f9892918f6148ea97bfa6ea998f196927 Mon Sep 17 00:00:00 2001
From: Zard1096 <mr.zardqi@gmail.com>
Date: Tue, 11 Jul 2017 13:08:38 +0800
Subject: [PATCH 6/8] Fix iOS crash issues

Relate to issues #327 and #63.
mosq->sock may be closed before FD_SET(mosq->sock, &writefds) and
FD_ISSET(mosq->sock, &writefds) but after judgement in line 947
if(mosq->sock != INVALID_SOCKET). FD_SET(-1, ...) and FD_ISSET(-1, ...)
would certainly crash.

Signed-off-by: Zard1096 <mr.zardqi@gmail.com>
---
 lib/mosquitto.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/mosquitto.c b/lib/mosquitto.c
index be8e62e5..61ffdd87 100644
--- a/lib/mosquitto.c
+++ b/lib/mosquitto.c
@@ -971,9 +971,10 @@ int mosquitto_loop(struct mosquitto *mosq, int timeout, int max_packets)
 				/* Fake write possible, to stimulate output write even though
 				 * we didn't ask for it, because at that point the publish or
 				 * other command wasn't present. */
-				FD_SET(mosq->sock, &writefds);
+				if(mosq->sock != INVALID_SOCKET)
+					FD_SET(mosq->sock, &writefds);
 			}
-			if(FD_ISSET(mosq->sock, &writefds)){
+			if(mosq->sock != INVALID_SOCKET && FD_ISSET(mosq->sock, &writefds)){
 #ifdef WITH_TLS
 				if(mosq->want_connect){
 					rc = mosquitto__socket_connect_tls(mosq);

From d40d7772d37f1de587dfd9bc49d374d8d5b393b7 Mon Sep 17 00:00:00 2001
From: "Aska.Wu" <askawu@gmail.com>
Date: Tue, 18 Jul 2017 16:32:05 +0800
Subject: [PATCH 7/8] Fix the TLS handshake problem if PSK has leading zero

Incorrect psk will be provided by psk_server_callback() because leading zero
is skipped by BN_bn2bin() and BN_num_bytes().

Signed-off-by: Aska.Wu <askawu@gmail.com>
---
 lib/util_mosq.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/lib/util_mosq.c b/lib/util_mosq.c
index 6f6bb49a..55e65e9e 100644
--- a/lib/util_mosq.c
+++ b/lib/util_mosq.c
@@ -327,19 +327,33 @@ int _mosquitto_hex2bin(const char *hex, unsigned char *bin, int bin_max_len)
 {
 	BIGNUM *bn = NULL;
 	int len;
+	int leading_zero = 0;
+	int start = 0;
+	int i = 0;
+
+	/* Count the number of leading zero */
+	for(i=0; i<strlen(hex); i=i+2) {
+		if(strncmp(hex + i, "00", 2) == 0) {
+			leading_zero++;
+			/* output leading zero to bin */
+			bin[start++] = 0;
+		}else{
+			break;
+		}
+	}
 
 	if(BN_hex2bn(&bn, hex) == 0){
 		if(bn) BN_free(bn);
 		return 0;
 	}
-	if(BN_num_bytes(bn) > bin_max_len){
+	if(BN_num_bytes(bn) + leading_zero > bin_max_len){
 		BN_free(bn);
 		return 0;
 	}
 
-	len = BN_bn2bin(bn, bin);
+	len = BN_bn2bin(bn, bin + leading_zero);
 	BN_free(bn);
-	return len;
+	return len + leading_zero;
 }
 #endif
 

From 46630e7325a82644be1a6fef00ef30bbd52c7ef6 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Tue, 18 Jul 2017 21:53:29 +0100
Subject: [PATCH 8/8] Update change log.

---
 ChangeLog.txt | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 86f809cf..9f471d92 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,5 +1,10 @@
 Broker:
 - Use constant time memcmp for password comparisons.
+- Fix incorrect PSK key being used if it had leading zeroes.
+
+Client library:
+- Fix incorrect PSK key being used if it had leading zeroes.
+
 
 1.4.14 - 20170710
 =================