Diffstat (limited to 'main/mosquitto/CVE-2021-34432.patch')
-rw-r--r-- | main/mosquitto/CVE-2021-34432.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/main/mosquitto/CVE-2021-34432.patch b/main/mosquitto/CVE-2021-34432.patch
new file mode 100644
index 00000000000..14037ba13c7
--- /dev/null
+++ b/main/mosquitto/CVE-2021-34432.patch
@@ -0,0 +1,61 @@
+From 9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6 Mon Sep 17 00:00:00 2001
+From: "Roger A. Light" <roger@atchoo.org>
+Date: Tue, 9 Feb 2021 14:09:53 +0000
+Subject: [PATCH] Fix mosquitto_{pub|sub}_topic_check() function returns.
+
+The would not return MOSQ_ERR_INVAL on topic == NULL.
+---
+ lib/util_topic.c | 19 ++++++++++++++++---
+ 2 files changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/lib/util_topic.c b/lib/util_topic.c
+index fc24f0d1cb..62b531127c 100644
+--- a/lib/util_topic.c
++++ b/lib/util_topic.c
+@@ -54,6 +54,11 @@ int mosquitto_pub_topic_check(const char *str)
+ #ifdef WITH_BROKER
+ int hier_count = 0;
+ #endif
++
++ if(str == NULL){
++ return MOSQ_ERR_INVAL;
++ }
++
+ while(str && str[0]){
+ if(str[0] == '+' || str[0] == '#'){
+ return MOSQ_ERR_INVAL;
+@@ -81,7 +86,9 @@ int mosquitto_pub_topic_check2(const char *str, size_t len)
+ int hier_count = 0;
+ #endif
+
+- if(len > 65535) return MOSQ_ERR_INVAL;
++ if(str == NULL || len > 65535){
++ return MOSQ_ERR_INVAL;
++ }
+
+ for(i=0; i<len; i++){
+ if(str[i] == '+' || str[i] == '#'){
+@@ -115,7 +122,11 @@ int mosquitto_sub_topic_check(const char *str)
+ int hier_count = 0;
+ #endif
+
+- while(str && str[0]){
++ if(str == NULL){
++ return MOSQ_ERR_INVAL;
++ }
++
++ while(str[0]){
+ if(str[0] == '+'){
+ if((c != '\0' && c != '/') || (str[1] != '\0' && str[1] != '/')){
+ return MOSQ_ERR_INVAL;
+@@ -150,7 +161,9 @@ int mosquitto_sub_topic_check2(const char *str, size_t len)
+ int hier_count = 0;
+ #endif
+
+- if(len > 65535) return MOSQ_ERR_INVAL;
++ if(str == NULL || len > 65535){
++ return MOSQ_ERR_INVAL;
++ }
+
+ for(i=0; i<len; i++){
+ if(str[i] == '+'){ |
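Review bot: The patch header carries no provenance or CVE context: the only link to CVE-2021-34432 is the filename, and the embedded diffstat still reads `2 files changed, 21 insertions(+), 3 deletions(-)` although only the `lib/util_topic.c` diff (19 lines) is included. I would add a short comment block above the `From 9b08faf0…` line with a `Patch-Source: <upstream commit URL>` line, a note that the second file's hunk was dropped for this backport, and one sentence on what the fix closes (a NULL topic passing the topic checks). That matters most for the two `_check2` variants, where `str == NULL` with `len == 0` skipped the `for` loop entirely and the old `len > 65535` test did not reject it; the rest of those functions lies outside the hunks, so what followed is not visible here. `mosquitto_pub_topic_check` keeps the now-redundant `while(str && str[0])` after the new guard while `mosquitto_sub_topic_check` was simplified to `while(str[0])`; this is harmless, and leaving it keeps the backport identical to upstream.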