d0kuhn/mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix memory leak when clients send v5 CONNECT packets.

Browse Source 
This occurs when they have a will message that contains invalid property
types.
This commit is contained in:
Roger A. Light 2023-07-07 23:41:04 +01:00
parent 4f9002c58a
commit 00b24e0eb0
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog.txt
View File

@ -2,6 +2,8 @@ Security:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-xxxx-xxxxx: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.

1
src/property_broker.c
View File

@ -103,6 +103,7 @@ int property__process_will(struct mosquitto *context, struct mosquitto_message_a
break;
default:
msg->properties = msg_properties;
return MOSQ_ERR_PROTOCOL;
break;
}