mirror/mongoose
1
0
Fork 0
mirror of https://github.com/cesanta/mongoose.git synced 2025-06-07 17:42:30 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Fix MQTT SUBSCRIBE parsing

Browse Source 
Make sure topic is properly NUL-terminated.
Ignore SUBSCRIBE requests with no topic expressions.

PUBLISHED_FROM=a00f39dda44fe63299e971a91a98f8ee57dd2a64
This commit is contained in:
Deomid Ryabkov 2017-10-30 17:49:41 +03:00 committed by Cesanta Bot
parent a8b74a9021
commit 7942803a75
2 changed files with 30 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
examples/examples.mk
View File

@ -21,6 +21,11 @@ ifeq ($(SSL_LIB),mbedtls)
CFLAGS += -DMG_ENABLE_SSL -DMG_SSL_IF=MG_SSL_IF_MBEDTLS -DMG_SSL_MBED_DUMMY_RANDOM -lmbedcrypto -lmbedtls -lmbedx509
endif
ifdef ASAN
CC = clang
CFLAGS += -fsanitize=address
endif
$(PROG): $(SOURCES)
$(CC) $(SOURCES) -o $@ $(CFLAGS)

41
mongoose.c
View File

@ -10741,24 +10741,33 @@ static void mg_mqtt_broker_handle_subscribe(struct mg_connection *nc,
qoss[num_subs++] = qos;
}
te = (struct mg_mqtt_topic_expression *) MG_REALLOC(
ss->subscriptions,
sizeof(*ss->subscriptions) * (ss->num_subscriptions + num_subs));
if (te == NULL) {
nc->flags |= MG_F_CLOSE_IMMEDIATELY;
return;
}
ss->subscriptions = te;
for (pos = 0;
(pos = mg_mqtt_next_subscribe_topic(msg, &topic, &qos, pos)) != -1;
ss->num_subscriptions++) {
te = &ss->subscriptions[ss->num_subscriptions];
te->topic = (char *) MG_MALLOC(topic.len + 1);
te->qos = qos;
strncpy((char *) te->topic, topic.p, topic.len + 1);
if (num_subs > 0) {
te = (struct mg_mqtt_topic_expression *) MG_REALLOC(
ss->subscriptions,
sizeof(*ss->subscriptions) * (ss->num_subscriptions + num_subs));
if (te == NULL) {
nc->flags |= MG_F_CLOSE_IMMEDIATELY;
return;
}
ss->subscriptions = te;
for (pos = 0;
pos < (int) msg->payload.len &&
(pos = mg_mqtt_next_subscribe_topic(msg, &topic, &qos, pos)) != -1;
ss->num_subscriptions++) {
te = &ss->subscriptions[ss->num_subscriptions];
te->topic = (char *) MG_MALLOC(topic.len + 1);
te->qos = qos;
memcpy((char *) te->topic, topic.p, topic.len);
((char *) te->topic)[topic.len] = '\0';
}
}
mg_mqtt_suback(nc, qoss, num_subs, msg->message_id);
if (pos == (int) msg->payload.len) {
mg_mqtt_suback(nc, qoss, num_subs, msg->message_id);
} else {
/* We did not fully parse the payload, something must be wrong. */
nc->flags |= MG_F_CLOSE_IMMEDIATELY;
}
}
static void mg_mqtt_broker_handle_publish(struct mg_mqtt_broker *brk,