From ca40255720405528e376a65de9526a27a5ade7d7 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Thu, 25 Oct 2018 12:12:57 +0100
Subject: [PATCH] mid == 0 is a protocol error.
---
 lib/handle_pubackcomp.c | 1 +
 lib/handle_publish.c | 4 ++++
 lib/handle_pubrec.c | 1 +
 lib/handle_pubrel.c | 1 +
 lib/handle_suback.c | 1 +
 lib/handle_unsuback.c | 1 +
 src/handle_publish.c | 4 ++++
 src/handle_subscribe.c | 1 +
 src/handle_unsubscribe.c | 1 +
 9 files changed, 15 insertions(+)
diff --git a/lib/handle_pubackcomp.c b/lib/handle_pubackcomp.c
index 8f5f0a30..e9f0d4f4 100644
--- a/lib/handle_pubackcomp.c
+++ b/lib/handle_pubackcomp.c
@@ -49,6 +49,7 @@ int handle__pubackcomp(struct mosquitto *mosq, const char *type)
 assert(mosq);
 rc = packet__read_uint16(&mosq->in_packet, &mid);
 if(rc) return rc;
+ if(mid == 0) return MOSQ_ERR_PROTOCOL;
 if(mosq->protocol == mosq_p_mqtt5){
 rc = property__read_all(PUBACK, &mosq->in_packet, &properties);
diff --git a/lib/handle_publish.c b/lib/handle_publish.c
index 5a253aa0..44257c69 100644
--- a/lib/handle_publish.c
+++ b/lib/handle_publish.c
@@ -67,6 +67,10 @@ int handle__publish(struct mosquitto *mosq)
 message__cleanup(&message);
 return rc;
 }
+ if(mid == 0){
+ message__cleanup(&message);
+ return MOSQ_ERR_PROTOCOL;
+ }
 message->msg.mid = (int)mid;
 }
diff --git a/lib/handle_pubrec.c b/lib/handle_pubrec.c
index 227d27be..1d6401b0 100644
--- a/lib/handle_pubrec.c
+++ b/lib/handle_pubrec.c
@@ -44,6 +44,7 @@ int handle__pubrec(struct mosquitto *mosq)
 assert(mosq);
 rc = packet__read_uint16(&mosq->in_packet, &mid);
 if(rc) return rc;
+ if(mid == 0) return MOSQ_ERR_PROTOCOL;
 if(mosq->protocol == mosq_p_mqtt5){
 rc = property__read_all(PUBREC, &mosq->in_packet, &properties);
diff --git a/lib/handle_pubrel.c b/lib/handle_pubrel.c
index 2630f1f2..7ed08010 100644
--- a/lib/handle_pubrel.c
+++ b/lib/handle_pubrel.c
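Review bot: The added `if(mid == 0) return MOSQ_ERR_PROTOCOL;` in handle__pubackcomp (lib/handle_pubackcomp.c) has no comment saying why zero is rejected, and the same bare line is repeated in handle__pubrec, handle__pubrel, handle__suback and handle__unsuback. A one-line comment above each would keep the rule from being dropped in a later refactor, for example `/* Packet identifier 0 is never valid, so it cannot refer to a message in flight. */`. The check sits before property__read_all, so an invalid packet is refused before any further parsing; the comment could state that the ordering is deliberate. These function bodies start and end outside the hunks.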
@@ -53,6 +53,7 @@ int handle__pubrel(struct mosquitto_db *db, struct mosquitto *mosq)
 }
 rc = packet__read_uint16(&mosq->in_packet, &mid);
 if(rc) return rc;
+ if(mid == 0) return MOSQ_ERR_PROTOCOL;
 if(mosq->protocol == mosq_p_mqtt5){
 rc = property__read_all(PUBREL, &mosq->in_packet, &properties);
diff --git a/lib/handle_suback.c b/lib/handle_suback.c
index 512415f2..2b23e134 100644
--- a/lib/handle_suback.c
+++ b/lib/handle_suback.c
@@ -49,6 +49,7 @@ int handle__suback(struct mosquitto *mosq)
 #endif
 rc = packet__read_uint16(&mosq->in_packet, &mid);
 if(rc) return rc;
+ if(mid == 0) return MOSQ_ERR_PROTOCOL;
 if(mosq->protocol == mosq_p_mqtt5){
 rc = property__read_all(SUBACK, &mosq->in_packet, &properties);
diff --git a/lib/handle_unsuback.c b/lib/handle_unsuback.c
index 0c403175..1e7fae8d 100644
--- a/lib/handle_unsuback.c
+++ b/lib/handle_unsuback.c
@@ -51,6 +51,7 @@ int handle__unsuback(struct mosquitto *mosq)
 #endif
 rc = packet__read_uint16(&mosq->in_packet, &mid);
 if(rc) return rc;
+ if(mid == 0) return MOSQ_ERR_PROTOCOL;
 if(mosq->protocol == mosq_p_mqtt5){
 rc = property__read_all(UNSUBACK, &mosq->in_packet, &properties);
diff --git a/src/handle_publish.c b/src/handle_publish.c
index f5850a32..b51949f5 100644
--- a/src/handle_publish.c
+++ b/src/handle_publish.c
@@ -131,6 +131,10 @@ int handle__publish(struct mosquitto_db *db, struct mosquitto *context)
 mosquitto__free(topic);
 return 1;
 }
+ if(mid == 0){
+ mosquitto__free(topic);
+ return MOSQ_ERR_PROTOCOL;
+ }
 }
 if(context->protocol == mosq_p_mqtt5){
diff --git a/src/handle_subscribe.c b/src/handle_subscribe.c
index e592ec83..ebab3156 100644
--- a/src/handle_subscribe.c
+++ b/src/handle_subscribe.c
@@ -50,6 +50,7 @@ int handle__subscribe(struct mosquitto_db *db, struct mosquitto *context)
 }
 }
 if(packet__read_uint16(&context->in_packet, &mid)) return 1;
+ if(mid == 0) return MOSQ_ERR_PROTOCOL;
 if(context->protocol == mosq_p_mqtt5){
 rc = property__read_all(SUBSCRIBE, &context->in_packet, &properties);
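Review bot: In the broker's handle__publish (src/handle_publish.c) the new branch returns `MOSQ_ERR_PROTOCOL` while the read-failure branch directly above it returns a bare `1`, so two adjacent rejections of a malformed packet report different codes, one of them unnamed. The same pairing appears in src/handle_subscribe.c and src/handle_unsubscribe.c, where `if(packet__read_uint16(&context->in_packet, &mid)) return 1;` sits immediately before the new check. Whether callers treat every non-zero return alike is not visible from these hunks, so this may be only a readability issue; using a named constant on both lines, presumably `return MOSQ_ERR_PROTOCOL;` for the short read as well, would make the intent explicit. handle__publish continues outside the hunk.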
diff --git a/src/handle_unsubscribe.c b/src/handle_unsubscribe.c
index 5a130684..1838427d 100644
--- a/src/handle_unsubscribe.c
+++ b/src/handle_unsubscribe.c
@@ -42,6 +42,7 @@ int handle__unsubscribe(struct mosquitto_db *db, struct mosquitto *context)
 }
 }
 if(packet__read_uint16(&context->in_packet, &mid)) return 1;
+ if(mid == 0) return MOSQ_ERR_PROTOCOL;
 if(context->protocol == mosq_p_mqtt5){
 rc = property__read_all(UNSUBSCRIBE, &context->in_packet, &properties);
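Review bot: No test accompanies the new rejection path in handle__unsubscribe: the diffstat lists only the nine handler files, so nothing in this commit exercises a packet whose identifier is 0. The broker-side handlers under src/ (handle__unsubscribe, handle__subscribe, handle__publish) parse bytes supplied by connected clients, so a regression test per packet type that sends identifier 0 and asserts the handler returns `MOSQ_ERR_PROTOCOL` would pin the behaviour and catch a later reordering of the check. The function body continues outside the hunk.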