dynsec: Forbid deleting the anon group.

ChangeLog.txt

@@ -1,6 +1,14 @@
-2.0.15 - 2022-xx-xx
+2.0.15 - 2022-08-16
 ===================
 
+Security:
+- Deleting the group configured as the anonymous group in the Dynamic Security
+  plugin, would leave a dangling pointer that could lead to a single crash.
+  This is considered a minor issue - only administrative users should have
+  access to dynsec, the impact on availability is one-off, and there is no
+  associated loss of data. It is now forbidden to delete the group configured
+  as the anonymous group.
+
 Broker:
 - Fix memory leak when a plugin modifies the topic of a message in
   MOSQ_EVT_MESSAGE.

plugins/dynamic-security/groups.c

@@ -466,6 +466,11 @@ int dynsec_groups__process_delete(cJSON *j_responses, struct mosquitto *context,
 
 	group = dynsec_groups__find(groupname);
 	if(group){
+		if(group == dynsec_anonymous_group){
+			dynsec__command_reply(j_responses, context, "deleteGroup", "Deleting the anonymous group is forbidden", correlation_data);
+			return MOSQ_ERR_INVAL;
+		}
+
 		/* Enforce any changes */
 		group__kick_all(group);
 

test/broker/14-dynsec-anon-group.py

@@ -71,6 +71,15 @@ create_role_apply_response = {'responses': [
     ]}
 
 
+delete_anon_group_command = { "commands": [
+    { "command": "deleteGroup", "groupname": "anon-clients", "correlationData": "40" }
+    ]
+}
+delete_anon_group_response = {'responses': [
+    {'command': 'deleteGroup', "error":'Deleting the anonymous group is forbidden', 'correlationData': '40'}
+    ]}
+
+
 
 rc = 1
 keepalive = 10
@@ -136,6 +145,9 @@ try:
     csock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=5, port=port)
     mosq_test.do_send_receive(csock, subscribe_packet, suback_packet_success, "suback 3")
 
+    # Try to delete anon group, this should fail
+    command_check(sock, delete_anon_group_command, delete_anon_group_response)
+
     rc = 0
 
     sock.close()