d0kuhn/mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Broker now validates usernames provided over TLS are valid UTF-8.

Browse Source
This commit is contained in:
Roger A. Light 2023-06-08 23:12:18 +01:00
parent 44b94875b5
commit 02d36f9946
4 changed files with 23 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.txt
View File

@ -1,5 +1,7 @@
Security:
- Broker will reject Will messages that attempt to publish to $CONTROL/.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
Broker:
- Fix $SYS messages being expired after 60 seconds and hence unchanged values

15
src/handle_connect.c
View File

@ -794,11 +794,22 @@ int handle__connect(struct mosquitto *context)
rc = MOSQ_ERR_AUTH;
goto handle_connect_error;
}
const char *new_username;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
context->username = mosquitto__strdup((char *) ASN1_STRING_data(name_asn1));
new_username = (const char *) ASN1_STRING_data(name_asn1);
#else
context->username = mosquitto__strdup((char *) ASN1_STRING_get0_data(name_asn1));
new_username = (const char *) ASN1_STRING_get0_data(name_asn1);
#endif
if(mosquitto_validate_utf8(new_username, (int)strlen(new_username))){
if(context->protocol == mosq_p_mqtt5){
send__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);
}else{
send__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD, NULL);
}
X509_free(client_cert);
return MOSQ_ERR_AUTH;
}
context->username = mosquitto__strdup(new_username);
if(!context->username){
if(context->protocol == mosq_p_mqtt5){
send__connack(context, 0, MQTT_RC_SERVER_UNAVAILABLE, NULL);

4
src/net.c
View File

@ -296,6 +296,10 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned
}
if(listener->use_identity_as_username){
if(mosquitto_validate_utf8(identity, (int)strlen(identity))){
mosquitto__free(psk_key);
return 0;
}
context->username = mosquitto__strdup(identity);
if(!context->username){
mosquitto__free(psk_key);

3
src/plugin_public.c
View File

@ -244,6 +244,9 @@ int mosquitto_set_username(struct mosquitto *client, const char *username)
if(!client) return MOSQ_ERR_INVAL;
if(username){
if(mosquitto_validate_utf8(username, (int)strlen(username))){
return MOSQ_ERR_MALFORMED_UTF8;
}
u_dup = mosquitto__strdup(username);
if(!u_dup) return MOSQ_ERR_NOMEM;
}else{