Merge branch 'fixes' of github.com:eclipse/mosquitto into fixes

8 years ago · d8cc5bc4fe
parent d72ec39d79 5b73897f98
commit d8cc5bc4fe
4 changed files with 29 additions and 4 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,3 +1,6 @@
+Broker:
+- Use constant time memcmp for password comparisons.
+
 1.4.14 - 20170710
 =================

--- a/lib/mosquitto.c
+++ b/lib/mosquitto.c
@ -971,9 +971,10 @@ int mosquitto_loop(struct mosquitto *mosq, int timeout, int max_packets)
 				/* Fake write possible, to stimulate output write even though
 				 * we didn't ask for it, because at that point the publish or
 				 * other command wasn't present. */
-				FD_SET(mosq->sock, &writefds);
+				if(mosq->sock != INVALID_SOCKET)
+					FD_SET(mosq->sock, &writefds);
 			}
-			if(FD_ISSET(mosq->sock, &writefds)){
+			if(mosq->sock != INVALID_SOCKET && FD_ISSET(mosq->sock, &writefds)){
 #ifdef WITH_TLS
 				if(mosq->want_connect){
 					rc = mosquitto__socket_connect_tls(mosq);
--- a/src/loop.c
+++ b/src/loop.c
@ -21,6 +21,7 @@ Contributors:
 #include <assert.h>
 #ifndef WIN32
 #include <poll.h>
+#include <unistd.h>
 #else
 #include <process.h>
 #include <winsock2.h>
@ -126,7 +127,7 @@ int mosquitto_main_loop(struct mosquitto_db *db, mosq_sock_t *listensock, int li
 #ifdef WIN32
 	pollfd_max = _getmaxstdio();
 #else
-	pollfd_max = getdtablesize();
+	pollfd_max = sysconf(_SC_OPEN_MAX);
 #endif

 	pollfds = _mosquitto_malloc(sizeof(struct pollfd)*pollfd_max);
--- a/src/security_default.c
+++ b/src/security_default.c
@ -33,6 +33,9 @@ static int _pw_digest(const char *password, const unsigned char *salt, unsigned
 static int _base64_decode(char *in, unsigned char **decoded, unsigned int *decoded_len);
 #endif

+static int mosquitto__memcmp_const(const void *ptr1, const void *b, size_t len);
+
+
 int mosquitto_security_init_default(struct mosquitto_db *db, bool reload)
 {
 	int rc;
@ -650,6 +653,23 @@ static int _psk_file_parse(struct mosquitto_db *db)
 	return MOSQ_ERR_SUCCESS;
 }

+
+static int mosquitto__memcmp_const(const void *a, const void *b, size_t len)
+{
+	int i;
+	int rc = 0;
+
+	if(!a || !b) return 1;
+
+	for(i=0; i<len; i++){
+		if( ((char *)a)[i] != ((char *)b)[i] ){
+			rc = 1;
+		}
+	}
+	return rc;
+}
+
+
 int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username, const char *password)
 {
 	struct _mosquitto_unpwd *u, *tmp;
@ -670,7 +690,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username,
 #ifdef WITH_TLS
 					rc = _pw_digest(password, u->salt, u->salt_len, hash, &hash_len);
 					if(rc == MOSQ_ERR_SUCCESS){
-						if(hash_len == u->password_len && !memcmp(u->password, hash, hash_len)){
+						if(hash_len == u->password_len && !mosquitto__memcmp_const(u->password, hash, hash_len)){
 							return MOSQ_ERR_SUCCESS;
 						}else{
 							return MOSQ_ERR_AUTH;