Fix for #2283.

Closes #2283. Thanks to Heath Raftery.
2021-08-21 20:13:19 +01:00 · 2021-08-21 20:13:19 +01:00 · 526b8430e2
commit 526b8430e2
parent c01ae67af7
2 changed files with 6 additions and 1 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -6,6 +6,11 @@ Security:
  These clients are now rejected if their keepalive value exceeds
  max_keepalive. This option allows CVE-2020-13849, which is for the MQTT
  v3.1.1 protocol itself rather than an implementation, to be addressed.
+- Using certain listener related configuration options e.g. `cafile`, that
+  apply to the default listener without defining any listener would cause a
+  remotely accessible listener to be opened that was not confined to the local
+  machine but did have anonymous access enabled, contrary to the
+  documentation. This has been fixed. Closes #2283.

 Broker:
 - Fix possible out of bounds memory reads when reading a corrupt/crafted
--- a/src/mosquitto.c
+++ b/src/mosquitto.c
@ -335,7 +335,7 @@ static int listeners__start(void)

 	listensock_count = 0;

-	if(db.config->listener_count == 0){
+	if(db.config->local_only){
 		if(listeners__start_local_only()){
 			db__close();
 			if(db.config->pid_file){