eclipse/mosquitto
1
0
Fork 0
mirror of https://github.com/eclipse/mosquitto.git synced 2025-05-09 09:11:11 +08:00
Code Issues Releases Wiki Activity

Fix potential file persistence crash.

Browse Source 
Identified by OS-TIF audit.

TOB-MOSQ-CR-5
This commit is contained in:
Roger A. Light 2023-06-09 23:56:55 +01:00
parent a3c680fbb0
commit b1c29e881e
2 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog.txt
View File

@ -2,6 +2,7 @@ Security:
- Broker will now reject Will messages that attempt to publish to $CONTROL/. - Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK - Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8. identity are valid UTF-8.
- Fix potential crash when loading invalid persitence file.
Broker: Broker:
- Fix $SYS messages being expired after 60 seconds and hence unchanged values - Fix $SYS messages being expired after 60 seconds and hence unchanged values

20
src/persist_write.c
View File

@ -47,8 +47,6 @@ static int persist__client_messages_save(FILE *db_fptr, struct mosquitto *contex
assert(db_fptr); assert(db_fptr);
assert(context); assert(context);
memset(&chunk, 0, sizeof(struct P_client_msg));
cmsg = queue; cmsg = queue;
while(cmsg){ while(cmsg){
if(!strncmp(cmsg->store->topic, "$SYS", 4) if(!strncmp(cmsg->store->topic, "$SYS", 4)
@ -61,6 +59,8 @@ static int persist__client_messages_save(FILE *db_fptr, struct mosquitto *contex
continue; continue;
} }
memset(&chunk, 0, sizeof(struct P_client_msg));
chunk.F.store_id = cmsg->store->db_id; chunk.F.store_id = cmsg->store->db_id;
chunk.F.mid = cmsg->mid; chunk.F.mid = cmsg->mid;
chunk.F.id_len = (uint16_t)strlen(context->id); chunk.F.id_len = (uint16_t)strlen(context->id);
@ -91,8 +91,6 @@ static int persist__message_store_save(FILE *db_fptr)
assert(db_fptr); assert(db_fptr);
memset(&chunk, 0, sizeof(struct P_msg_store));
stored = db.msg_store; stored = db.msg_store;
while(stored){ while(stored){
if(stored->ref_count < 1 || stored->topic == NULL){ if(stored->ref_count < 1 || stored->topic == NULL){
@ -100,6 +98,8 @@ static int persist__message_store_save(FILE *db_fptr)
continue; continue;
} }
memset(&chunk, 0, sizeof(struct P_msg_store));
if(!strncmp(stored->topic, "$SYS", 4)){ if(!strncmp(stored->topic, "$SYS", 4)){
if(stored->ref_count <= 1 && stored->dest_id_count == 0){ if(stored->ref_count <= 1 && stored->dest_id_count == 0){
/* $SYS messages that are only retained shouldn't be persisted. */ /* $SYS messages that are only retained shouldn't be persisted. */
@ -164,9 +164,9 @@ static int persist__client_save(FILE *db_fptr)
assert(db_fptr); assert(db_fptr);
memset(&chunk, 0, sizeof(struct P_client));
HASH_ITER(hh_id, db.contexts_by_id, context, ctxt_tmp){ HASH_ITER(hh_id, db.contexts_by_id, context, ctxt_tmp){
memset(&chunk, 0, sizeof(struct P_client));
if(context && if(context &&
#ifdef WITH_BRIDGE #ifdef WITH_BRIDGE
((!context->bridge && context->clean_start == false) ((!context->bridge && context->clean_start == false)
@ -224,8 +224,6 @@ static int persist__subs_save(FILE *db_fptr, struct mosquitto__subhier *node, co
size_t slen; size_t slen;
int rc; int rc;
memset(&sub_chunk, 0, sizeof(struct P_sub));
slen = strlen(topic) + node->topic_len + 2; slen = strlen(topic) + node->topic_len + 2;
thistopic = mosquitto__malloc(sizeof(char)*slen); thistopic = mosquitto__malloc(sizeof(char)*slen);
if(!thistopic) return MOSQ_ERR_NOMEM; if(!thistopic) return MOSQ_ERR_NOMEM;
@ -238,6 +236,8 @@ static int persist__subs_save(FILE *db_fptr, struct mosquitto__subhier *node, co
sub = node->subs; sub = node->subs;
while(sub){ while(sub){
if(sub->context->clean_start == false && sub->context->id){ if(sub->context->clean_start == false && sub->context->id){
memset(&sub_chunk, 0, sizeof(struct P_sub));
sub_chunk.F.identifier = sub->identifier; sub_chunk.F.identifier = sub->identifier;
sub_chunk.F.id_len = (uint16_t)strlen(sub->context->id); sub_chunk.F.id_len = (uint16_t)strlen(sub->context->id);
sub_chunk.F.topic_len = (uint16_t)strlen(thistopic); sub_chunk.F.topic_len = (uint16_t)strlen(thistopic);
@ -281,10 +281,10 @@ static int persist__retain_save(FILE *db_fptr, struct mosquitto__retainhier *nod
struct P_retain retain_chunk; struct P_retain retain_chunk;
int rc; int rc;
memset(&retain_chunk, 0, sizeof(struct P_retain));
if(node->retained && strncmp(node->retained->topic, "$SYS", 4)){ if(node->retained && strncmp(node->retained->topic, "$SYS", 4)){
/* Don't save $SYS messages. */ /* Don't save $SYS messages. */
memset(&retain_chunk, 0, sizeof(struct P_retain));
retain_chunk.F.store_id = node->retained->db_id; retain_chunk.F.store_id = node->retained->db_id;
rc = persist__chunk_retain_write_v6(db_fptr, &retain_chunk); rc = persist__chunk_retain_write_v6(db_fptr, &retain_chunk);
if(rc){ if(rc){