[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #52345] MQTT buffer length check seems wrong
|
From: |
David Bourgeois |
|
Subject: |
[lwip-devel] [bug #52345] MQTT buffer length check seems wrong |
|
Date: |
Sun, 5 Nov 2017 18:28:15 -0500 (EST) |
|
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 |
URL:
<http://savannah.nongnu.org/bugs/?52345>
Summary: MQTT buffer length check seems wrong
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: jaguarondi
Submitted on: Sun 05 Nov 2017 11:28:13 PM UTC
Category: apps
Severity: 3 - Normal
Item Group: Crash Error
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: git head
_______________________________________________________
Details:
The buffer length check fails with an empty payload, it seems the comparison
should be done towards MQTT_VAR_HEADER_BUFFER_LEN but I don't know if there
are some other length to take into account also.
Here's what I did:
In LwIP/src/apps/mqtt/mqtt.c
/* Check length, add one byte even for QoS 0 so that zero termination
will fit */
- if ((after_topic + (qos ? 2 : 1)) > length) {
+ if ((after_topic + (qos ? 2 : 1)) > MQTT_VAR_HEADER_BUFFER_LEN) {
LWIP_DEBUGF(MQTT_DEBUG_WARN, ("mqtt_message_received: Receive buffer
can not fit topic + pkt_id\n"));
goto out_disconnect;
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?52345>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [lwip-devel] [bug #52345] MQTT buffer length check seems wrong,
David Bourgeois <=