Re: [paho-dev] [EXTERNAL] MQTTDeserialize_unsubscribe need to judge maxcount with *count
  • From: Cristian Pop <Cristian.Pop@xxxxxxxxxxxxx>
  • Date: Mon, 4 Mar 2024 19:49:43 +0000

Thank you Bruce for identifying the issue and submitting the fix! 
I've left a couple of comments.

Chris


From: paho-dev <paho-dev-bounces@xxxxxxxxxxx> on behalf of bruce lin via paho-dev <paho-dev@xxxxxxxxxxx>
Sent: Saturday, March 2, 2024 12:14 AM
To: paho-dev@xxxxxxxxxxx <paho-dev@xxxxxxxxxxx>
Cc: bruce lin <guozai12@xxxxxxxxx>
Subject: [EXTERNAL] [paho-dev] MQTTDeserialize_unsubscribe need to judge maxcount with *count
 
Hi,
I got an invalid unsubscribe packet in base64 format "rS8BAAABAAAAAAAADGlvdC0wNDBhMDFrcARtcXR0BmlvdGh1YghhbGl5dW5jcwNjbw=="; it may cause a core dump. After reviewing the code, I found that
https://github.com/eclipse/paho.mqtt.embedded-c/blob/32ad8d0d19ac982e32f5f4358adc00e5511ecff5/MQTTPacket/src/MQTTUnsubscribeServer.c#L34
MQTTDeserialize_unsubscribe didn't judge maxcount with *count.
If maxcount is set to 1 and topicFilters is initialized with size 1, *count will be bigger than maxcount, and topicFilters[*count] causes a memory access violation.
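
A bounds-checked parse of an UNSUBSCRIBE topic filter list, as an added example that is not part of the original thread and is not Paho's code. The names `topic_filter`, `parse_unsubscribe_filters` and `run_sample` are hypothetical, and the sample payload is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type for this example; not Paho's MQTTString. */
typedef struct { const uint8_t *data; uint16_t len; } topic_filter;

/* Parse an UNSUBSCRIBE payload (the bytes after the packet id): a sequence of
 * [2-byte big-endian length][filter bytes]. Returns 0 on success, -1 on
 * malformed input, -2 when the packet holds more filters than maxcount. */
int parse_unsubscribe_filters(const uint8_t *buf, size_t len,
                              topic_filter filters[], int maxcount, int *count)
{
    size_t pos = 0;
    *count = 0;
    while (pos < len) {
        if (len - pos < 2) return -1;          /* truncated length prefix */
        uint16_t flen = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
        pos += 2;
        if (flen > len - pos) return -1;       /* filter runs past the packet */
        if (*count >= maxcount) return -2;     /* refuse before writing out of bounds */
        filters[*count].data = buf + pos;
        filters[*count].len = flen;
        (*count)++;
        pos += flen;
    }
    return *count > 0 ? 0 : -1;                /* at least one filter is required */
}

/* Constructed sample payload with three filters: "a/b", "c", "d/#". */
static const uint8_t SAMPLE[] = {0, 3, 'a', '/', 'b', 0, 1, 'c', 0, 3, 'd', '/', '#'};
static topic_filter sample_out[3];
static int sample_count;

/* Parse SAMPLE as if the caller's array held only `capacity` entries. */
int run_sample(int capacity)
{
    return parse_unsubscribe_filters(SAMPLE, sizeof SAMPLE, sample_out,
                                     capacity, &sample_count);
}

int main(void)
{
    int rc = run_sample(1);
    printf("capacity 1 -> rc %d, count %d\n", rc, sample_count);
    rc = run_sample(3);
    printf("capacity 3 -> rc %d, count %d\n", rc, sample_count);
    return 0;
}
```

The capacity check sits before the store, so a packet with more filters than the caller allowed is rejected with `*count` never exceeding `maxcount`.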
