Fix leak on crafted MQTT v5 CONNECT.

If a MQTT v5 client connects with a crafted CONNECT packet a memory leak
will occur.

Thanks to Kathrin Kleinhammer.

ChangeLog.txt

@@ -1,6 +1,10 @@
-2.0.11 - 2021-xx-xx
+2.0.11 - 2021-06-08
 ===================
 
+Security:
+- If a MQTT v5 client connects with a crafted CONNECT packet a memory leak
+  will occur. This has been fixed.
+
 Broker:
 - Fix possible crash having just upgraded from 1.6 if `per_listener_settings
   true` is set, and a SIGHUP is sent to the broker before a client has

src/handle_connect.c

@@ -924,11 +924,13 @@ handle_connect_error:
 		mosquitto__free(will_struct->msg.topic);
 		mosquitto__free(will_struct);
 	}
+	context->will = NULL;
 #ifdef WITH_TLS
 	if(client_cert) X509_free(client_cert);
 #endif
 	/* We return an error here which means the client is freed later on. */
 	context->clean_start = true;
 	context->session_expiry_interval = 0;
+	context->will_delay_interval = 0;
 	return rc;
 }

test/broker/Makefile

@@ -135,6 +135,7 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14
 	./06-bridge-reconnect-local-out.py
 
 07 :
+	./07-will-delay-invalid-573191.py
 	./07-will-delay-reconnect.py
 	./07-will-delay-recover.py
 	./07-will-delay-session-expiry.py

test/broker/test.py

@@ -114,6 +114,7 @@ tests = [
     (3, './06-bridge-per-listener-settings.py'),
     (2, './06-bridge-reconnect-local-out.py'),
 
+    (1, './07-will-delay-invalid-573191.py'),
     (1, './07-will-delay-reconnect.py'),
     (1, './07-will-delay-recover.py'),
     (1, './07-will-delay-session-expiry.py'),