[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #61480] MQTT: RCE caused by buffer overflow

From: Wouter van Gulik
Subject: [lwip-devel] [bug #61480] MQTT: RCE caused by buffer overflow
Date: Thu, 30 Dec 2021 17:31:45 -0500 (EST)
User-agent: Mozilla/5.0 (Android 10; Mobile; rv:95.0) Gecko/95.0 Firefox/95.0

Follow-up Comment #4, bug #61480 (project lwip):

I have written some fixes, but I keep battling corner cases.
I do not get why a large initial packet should still be limited to the client
Is not better to first try maximum from current pbuf? Let's say you receive
200 bytes, then it will be split and processed in 127 and then the
And does reassembly within the first 127 bytes really help? It will only help
on pbuf borders. Does that really occur?
I imagine it a mqtt message is usually within a single pbuf.


Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]