Merge branch 'fixes' of github.com:eclipse/mosquitto into fixes

pull/403/merge
Roger A. Light 8 years ago
commit d8cc5bc4fe

@ -1,3 +1,6 @@
Broker:
- Use constant time memcmp for password comparisons.
1.4.14 - 20170710 1.4.14 - 20170710
================= =================

@ -971,9 +971,10 @@ int mosquitto_loop(struct mosquitto *mosq, int timeout, int max_packets)
/* Fake write possible, to stimulate output write even though /* Fake write possible, to stimulate output write even though
* we didn't ask for it, because at that point the publish or * we didn't ask for it, because at that point the publish or
* other command wasn't present. */ * other command wasn't present. */
FD_SET(mosq->sock, &writefds); if(mosq->sock != INVALID_SOCKET)
FD_SET(mosq->sock, &writefds);
} }
if(FD_ISSET(mosq->sock, &writefds)){ if(mosq->sock != INVALID_SOCKET && FD_ISSET(mosq->sock, &writefds)){
#ifdef WITH_TLS #ifdef WITH_TLS
if(mosq->want_connect){ if(mosq->want_connect){
rc = mosquitto__socket_connect_tls(mosq); rc = mosquitto__socket_connect_tls(mosq);
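Review bot: The new guard before `FD_SET` in mosquitto_loop is an unbraced `if`, while the surrounding conditionals in this hunk all use `if(...){`. A later edit that adds a second statement under it would silently run unguarded. Writing it as `if(mosq->sock != INVALID_SOCKET){ FD_SET(mosq->sock, &writefds); }` keeps the socket check attached to everything it protects. The body of mosquitto_loop starts and ends outside this hunk, so what is returned when the socket is invalid cannot be confirmed from here.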

@ -21,6 +21,7 @@ Contributors:
#include <assert.h> #include <assert.h>
#ifndef WIN32 #ifndef WIN32
#include <poll.h> #include <poll.h>
#include <unistd.h>
#else #else
#include <process.h> #include <process.h>
#include <winsock2.h> #include <winsock2.h>
@ -126,7 +127,7 @@ int mosquitto_main_loop(struct mosquitto_db *db, mosq_sock_t *listensock, int li
#ifdef WIN32 #ifdef WIN32
pollfd_max = _getmaxstdio(); pollfd_max = _getmaxstdio();
#else #else
pollfd_max = getdtablesize(); pollfd_max = sysconf(_SC_OPEN_MAX);
#endif #endif
pollfds = _mosquitto_malloc(sizeof(struct pollfd)*pollfd_max); pollfds = _mosquitto_malloc(sizeof(struct pollfd)*pollfd_max);
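Review bot: The value from `sysconf(_SC_OPEN_MAX)` goes straight into the allocation size on the following line, but sysconf() returns -1 on error or when the limit is indeterminate. Multiplied by `sizeof(struct pollfd)`, a negative value converts to a very large size. A guard such as `if(pollfd_max <= 0) return MOSQ_ERR_UNKNOWN;` (or a fallback to a fixed default) before the `_mosquitto_malloc` call would make the failure explicit. The declaration of `pollfd_max` and any check of the allocation result are outside this hunk; if it is an `int`, the `long` return is also narrowed.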

@ -33,6 +33,9 @@ static int _pw_digest(const char *password, const unsigned char *salt, unsigned
static int _base64_decode(char *in, unsigned char **decoded, unsigned int *decoded_len); static int _base64_decode(char *in, unsigned char **decoded, unsigned int *decoded_len);
#endif #endif
static int mosquitto__memcmp_const(const void *ptr1, const void *b, size_t len);
int mosquitto_security_init_default(struct mosquitto_db *db, bool reload) int mosquitto_security_init_default(struct mosquitto_db *db, bool reload)
{ {
int rc; int rc;
@ -650,6 +653,23 @@ static int _psk_file_parse(struct mosquitto_db *db)
return MOSQ_ERR_SUCCESS; return MOSQ_ERR_SUCCESS;
} }
static int mosquitto__memcmp_const(const void *a, const void *b, size_t len)
{
int i;
int rc = 0;
if(!a || !b) return 1;
for(i=0; i<len; i++){
if( ((char *)a)[i] != ((char *)b)[i] ){
rc = 1;
}
}
return rc;
}
int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username, const char *password) int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username, const char *password)
{ {
struct _mosquitto_unpwd *u, *tmp; struct _mosquitto_unpwd *u, *tmp;
@ -670,7 +690,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username,
#ifdef WITH_TLS #ifdef WITH_TLS
rc = _pw_digest(password, u->salt, u->salt_len, hash, &hash_len); rc = _pw_digest(password, u->salt, u->salt_len, hash, &hash_len);
if(rc == MOSQ_ERR_SUCCESS){ if(rc == MOSQ_ERR_SUCCESS){
if(hash_len == u->password_len && !memcmp(u->password, hash, hash_len)){ if(hash_len == u->password_len && !mosquitto__memcmp_const(u->password, hash, hash_len)){
return MOSQ_ERR_SUCCESS; return MOSQ_ERR_SUCCESS;
}else{ }else{
return MOSQ_ERR_AUTH; return MOSQ_ERR_AUTH;
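Review bot: In `mosquitto__memcmp_const` the loop records a mismatch through a data-dependent `if`, which the compiler may lower to a branch or even an early exit, so the constant-time property is not guaranteed by the code as written. Accumulating the XOR of each byte pair into an unsigned char with `|=`, and returning whether it is non-zero, avoids branching on the compared bytes. The index `i` is an `int` compared against a `size_t` length and should be `size_t`, and the casts to `char *` drop the `const` qualifier. The forward declaration also names the first parameter `ptr1` while the definition calls it `a`.

```c
static int mosquitto__memcmp_const(const void *a, const void *b, size_t len)
{
	const unsigned char *pa = a;
	const unsigned char *pb = b;
	unsigned char diff = 0;
	size_t i;

	/* … unchanged: NULL check on a and b … */
	for(i=0; i<len; i++){
		diff |= pa[i] ^ pb[i];
	}
	return diff != 0;
}
```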
