Broker now validates usernames provided over TLS are valid UTF-8.
parent
44b94875b5
commit
02d36f9946
@ -1,5 +1,7 @@
|
||||
Security:
|
||||
- Broker will reject Will messages that attempt to publish to $CONTROL/.
|
||||
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
|
||||
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
|
||||
identity are valid UTF-8.
|
||||
|
||||
Broker:
|
||||
- Fix $SYS messages being expired after 60 seconds and hence unchanged values
|
||||
|
@ -794,11 +794,22 @@ int handle__connect(struct mosquitto *context)
|
||||
rc = MOSQ_ERR_AUTH;
|
||||
goto handle_connect_error;
|
||||
}
|
||||
const char *new_username;
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
context->username = mosquitto__strdup((char *) ASN1_STRING_data(name_asn1));
|
||||
new_username = (const char *) ASN1_STRING_data(name_asn1);
|
||||
#else
|
||||
context->username = mosquitto__strdup((char *) ASN1_STRING_get0_data(name_asn1));
|
||||
new_username = (const char *) ASN1_STRING_get0_data(name_asn1);
|
||||
#endif
|
||||
if(mosquitto_validate_utf8(new_username, (int)strlen(new_username))){
|
||||
if(context->protocol == mosq_p_mqtt5){
|
||||
send__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);
|
||||
}else{
|
||||
send__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD, NULL);
|
||||
}
|
||||
X509_free(client_cert);
|
||||
return MOSQ_ERR_AUTH;
|
||||
}
|
||||
context->username = mosquitto__strdup(new_username);
|
||||
if(!context->username){
|
||||
if(context->protocol == mosq_p_mqtt5){
|
||||
send__connack(context, 0, MQTT_RC_SERVER_UNAVAILABLE, NULL);
|
||||
|
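Review bot: The check `mosquitto_validate_utf8(new_username, (int)strlen(new_username))` measures the certificate field with strlen(), so an ASN.1 string holding an embedded NUL byte is validated and copied only up to that byte, and the stored username may differ from what the certificate carries. Unless the length is compared elsewhere in handle__connect (its body extends beyond this hunk), refuse the mismatch before validating: `if(ASN1_STRING_length(name_asn1) != (int)strlen(new_username)){ /* refuse as bad username */ }`. The new rejection branch also calls `X509_free(client_cert); return MOSQ_ERR_AUTH;` while the failure path just above it uses `rc = MOSQ_ERR_AUTH; goto handle_connect_error;`. If that label releases other per-connection state, the direct return skips it, so routing this branch through the same label would be safer.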
@ -296,6 +296,10 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned
|
||||
}
|
||||
|
||||
if(listener->use_identity_as_username){
|
||||
if(mosquitto_validate_utf8(identity, (int)strlen(identity))){
|
||||
mosquitto__free(psk_key);
|
||||
return 0;
|
||||
}
|
||||
context->username = mosquitto__strdup(identity);
|
||||
if(!context->username){
|
||||
mosquitto__free(psk_key);
|
||||
|
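Review bot: The new rejection in psk_server_callback returns 0 without recording why, so a handshake refused for a malformed PSK identity looks the same in the broker log as any other PSK failure. A log line before `return 0;` saying the identity was not valid UTF-8 (without writing the raw bytes unescaped) would give operators something to alert on. The `(int)strlen(identity)` call also assumes identity is non-NULL; any check for that sits outside this hunk.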
@ -244,6 +244,9 @@ int mosquitto_set_username(struct mosquitto *client, const char *username)
|
||||
if(!client) return MOSQ_ERR_INVAL;
|
||||
|
||||
if(username){
|
||||
if(mosquitto_validate_utf8(username, (int)strlen(username))){
|
||||
return MOSQ_ERR_MALFORMED_UTF8;
|
||||
}
|
||||
u_dup = mosquitto__strdup(username);
|
||||
if(!u_dup) return MOSQ_ERR_NOMEM;
|
||||
}else{
|
||||
|
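Review bot: mosquitto_set_username gains a new failure value, `MOSQ_ERR_MALFORMED_UTF8`, and nothing in this hunk documents it, so callers that only handle `MOSQ_ERR_INVAL` and `MOSQ_ERR_NOMEM` will meet a code they do not expect. I would add a line to the function's documentation comment such as `MOSQ_ERR_MALFORMED_UTF8 - if the username is not valid UTF-8.` The declaration and the rest of the body are outside the hunk, so that comment may belong in the header rather than next to this code.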