[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #52345] MQTT buffer length check seems wrong

From: David Bourgeois
Subject: [lwip-devel] [bug #52345] MQTT buffer length check seems wrong
Date: Sun, 5 Nov 2017 18:28:15 -0500 (EST)
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36


                 Summary: MQTT buffer length check seems wrong
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: jaguarondi
            Submitted on: Sun 05 Nov 2017 11:28:13 PM UTC
                Category: apps
                Severity: 3 - Normal
              Item Group: Crash Error
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head



The buffer length check fails with an empty payload, it seems the comparison
should be done towards MQTT_VAR_HEADER_BUFFER_LEN but I don't know if there
are some other length to take into account also.

Here's what I did:

In LwIP/src/apps/mqtt/mqtt.c 
       /* Check length, add one byte even for QoS 0 so that zero termination
will fit */
-      if ((after_topic + (qos ? 2 : 1)) > length) {
+      if ((after_topic + (qos ? 2 : 1)) > MQTT_VAR_HEADER_BUFFER_LEN) {
         LWIP_DEBUGF(MQTT_DEBUG_WARN, ("mqtt_message_received: Receive buffer
can not fit topic + pkt_id\n"));
         goto out_disconnect;


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]