Dynsec: Check ACLs are valid topic filters.

pull/1886/head
Roger A. Light 5 years ago
parent 3486f0e546
commit 7462fec1c8

@ -819,6 +819,7 @@ int dynsec_roles__process_add_acl(cJSON *j_responses, struct mosquitto *context,
struct dynsec__role *role;
cJSON *jtmp;
struct dynsec__acl **acllist, *acl;
int rc;
if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
dynsec__command_reply(j_responses, context, "addRoleACL", "Invalid/missing rolename", correlation_data);
@ -854,6 +855,14 @@ int dynsec_roles__process_add_acl(cJSON *j_responses, struct mosquitto *context,
jtmp = cJSON_GetObjectItem(command, "topic");
if(jtmp && cJSON_IsString(jtmp)){
rc = mosquitto_sub_topic_check(jtmp->valuestring);
if(rc == MOSQ_ERR_INVAL){
dynsec__command_reply(j_responses, context, "addRoleACL", "ACL topic not valid UTF-8", correlation_data);
return MOSQ_ERR_INVAL;
}else if(rc == MOSQ_ERR_MALFORMED_UTF8){
dynsec__command_reply(j_responses, context, "addRoleACL", "Invalid ACL topic", correlation_data);
return MOSQ_ERR_INVAL;
}
topic = mosquitto_strdup(jtmp->valuestring);
if(topic == NULL){
dynsec__command_reply(j_responses, context, "addRoleACL", "Internal error", correlation_data);
@ -898,6 +907,7 @@ int dynsec_roles__process_remove_acl(cJSON *j_responses, struct mosquitto *conte
struct dynsec__acl **acllist, *acl;
char *topic;
cJSON *jtmp;
int rc;
if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
dynsec__command_reply(j_responses, context, "createRole", "Invalid/missing rolename", correlation_data);
@ -935,6 +945,14 @@ int dynsec_roles__process_remove_acl(cJSON *j_responses, struct mosquitto *conte
dynsec__command_reply(j_responses, context, "removeRoleACL", "Invalid/missing topic", correlation_data);
return MOSQ_ERR_SUCCESS;
}
rc = mosquitto_sub_topic_check(jtmp->valuestring);
if(rc == MOSQ_ERR_INVAL){
dynsec__command_reply(j_responses, context, "removeRoleACL", "ACL topic not valid UTF-8", correlation_data);
return MOSQ_ERR_INVAL;
}else if(rc == MOSQ_ERR_MALFORMED_UTF8){
dynsec__command_reply(j_responses, context, "removeRoleACL", "Invalid ACL topic", correlation_data);
return MOSQ_ERR_INVAL;
}
HASH_FIND(hh, *acllist, topic, strlen(topic), acl);
if(acl){
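Review bot: In both new checks (addRoleACL and removeRoleACL) the reply strings look swapped: `rc == MOSQ_ERR_INVAL` answers "ACL topic not valid UTF-8" while `rc == MOSQ_ERR_MALFORMED_UTF8` answers "Invalid ACL topic", so an administrator whose ACL is rejected is told the wrong cause. Only these two codes are rejected, so if `mosquitto_sub_topic_check()` ever returns another non-success value the filter is still stored or looked up as if it were valid. A closing `}else if(rc != MOSQ_ERR_SUCCESS){` branch that replies "Invalid ACL topic" and returns would make this access-control check fail closed. The new branches return `MOSQ_ERR_INVAL`, whereas the visible "Invalid/missing topic" path just above in the remove handler replies and returns `MOSQ_ERR_SUCCESS`; it is worth confirming which convention the caller expects. Both functions start and end outside the hunks shown, so how the caller treats the return value is not visible here.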

@ -27,7 +27,9 @@ _mosquitto_property_add_string
_mosquitto_property_add_string_pair
_mosquitto_property_add_varint
_mosquitto_property_free_all
_mosquitto_pub_topic_check
_mosquitto_realloc
_mosquitto_set_username
_mosquitto_strdup
_mosquitto_sub_topic_check
_mosquitto_topic_matches_sub

@ -28,8 +28,10 @@
mosquitto_property_add_string_pair;
mosquitto_property_add_varint;
mosquitto_property_free_all;
mosquitto_pub_topic_check;
mosquitto_realloc;
mosquitto_set_username;
mosquitto_strdup;
mosquitto_sub_topic_check;
mosquitto_topic_matches_sub;
};
