Re: [paho-dev] [EXTERNAL] MQTTDeserialize_unsubscribe need to judge maxcount with *count

Thank you, Chris, for your comments. A new UT for invalid unsubscribe packet was added in test1.c.
 


On Tue, Mar 5, 2024 at 3:49 AM Cristian Pop <Cristian.Pop@xxxxxxxxxxxxx> wrote:
Thank you Bruce for identifying the issue and submitting the fix! 
I've left a couple of comments.

Chris


From: paho-dev <paho-dev-bounces@xxxxxxxxxxx> on behalf of bruce lin via paho-dev <paho-dev@xxxxxxxxxxx>
Sent: Saturday, March 2, 2024 12:14 AM
To: paho-dev@xxxxxxxxxxx <paho-dev@xxxxxxxxxxx>
Cc: bruce lin <guozai12@xxxxxxxxx>
Subject: [EXTERNAL] [paho-dev] MQTTDeserialize_unsubscribe need to judge maxcount with *count
 
Hi,
I got an invalid unsubscribe packet in base64 format "rS8BAAABAAAAAAAADGlvdC0wNDBhMDFrcARtcXR0BmlvdGh1YghhbGl5dW5jcwNjbw==", it may cause a coredump. After reviewing the code, I find that
https://github.com/eclipse/paho.mqtt.embedded-c/blob/32ad8d0d19ac982e32f5f4358adc00e5511ecff5/MQTTPacket/src/MQTTUnsubscribeServer.c#L34
MQTTDeserialize_unsubscribe didn't judge maxcount with *count.
If maxcount is set to 1 and topicFilters is initialized with size 1, *count will be bigger than maxcount, and topicFilters[*count] causes a memory access violation.
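
The bounds check described in the report above, as an added example that is not part of the thread or of the Paho code base: a stand-alone MQTT 3.1.1 UNSUBSCRIBE parser that rejects a packet carrying more topic filters than the caller's array holds, before anything is written past it. All names (`parse_unsubscribe`, `topic_view`, `demo`) are hypothetical and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { const uint8_t *data; uint16_t len; } topic_view; /* hypothetical; points into buf */

/* Parse an MQTT 3.1.1 UNSUBSCRIBE packet. Returns the number of filters stored,
 * or -1 if malformed or if there are more filters than maxcount array slots. */
int parse_unsubscribe(const uint8_t *buf, size_t len, uint16_t *packet_id,
                      topic_view filters[], int maxcount)
{
    size_t pos = 0, remaining = 0, end;
    int shift = 0, count = 0;
    uint8_t b;
    if (len < 2 || (buf[pos++] >> 4) != 10) return -1;  /* 10 = UNSUBSCRIBE */
    do {                                       /* decode "remaining length" */
        if (pos >= len || shift > 21) return -1;         /* at most 4 bytes */
        b = buf[pos++];
        remaining |= (size_t)(b & 0x7F) << shift;
        shift += 7;
    } while (b & 0x80);
    if (remaining < 2 || remaining > len - pos) return -1;
    end = pos + remaining;
    *packet_id = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
    pos += 2;
    while (pos < end) {
        size_t tlen;
        if (count >= maxcount) return -1;  /* array full: reject, do not write */
        if (end - pos < 2) return -1;      /* no room for the length prefix */
        tlen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        pos += 2;
        if (tlen > end - pos) return -1;   /* string runs past the packet */
        filters[count].data = buf + pos;
        filters[count].len = (uint16_t)tlen;
        pos += tlen;
        count++;
    }
    return count;
}

/* Constructed sample: packet id 1, topic filters "a/b" and "c". */
static const uint8_t sample[] = { 0xA2, 0x0A, 0x00, 0x01,
    0x00, 0x03, 'a', '/', 'b', 0x00, 0x01, 'c' };
int demo(int maxcount)   /* parse the sample with maxcount (<= 2) array slots */
{
    topic_view f[2]; uint16_t id;
    return parse_unsubscribe(sample, sizeof sample, &id, f, maxcount);
}
int main(void) { printf("slots=2: %d, slots=1: %d\n", demo(2), demo(1)); return 0; }
```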
