Skip to content

Commit

Permalink
Fix memory leak when clients send v5 CONNECT packets.
Browse files Browse the repository at this point in the history 
This occurs when they have a will message that contains invalid property
types.
  • Loading branch information
@ralight
ralight committed Aug 16, 2023
1 parent 4f9002c commit 00b24e0
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
2 changes: 2 additions & 0 deletions ChangeLog.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ Security:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-xxxx-xxxxx: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
Expand Down
1 change: 1 addition & 0 deletions src/property_broker.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,7 @@ int property__process_will(struct mosquitto *context, struct mosquitto_message_a
break;

default:
msg->properties = msg_properties;
return MOSQ_ERR_PROTOCOL;
break;
}
Expand Down

3 comments on commit 00b24e0

@apoleon
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is apparently the fix for CVE-2023-3592. Is this also the fix for CVE-2023-0809?

@CastleOnTheHill
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is apparently the fix for CVE-2023-3592. Is this also the fix for CVE-2023-0809?

I want to know as well, can't find fix for CVE-2023-0809.
Would you @ralight please list the url of the fix for us ? (It would be nicer to explain briefly.)

@CastleOnTheHill
Copy link
Contributor

@CastleOnTheHill CastleOnTheHill commented on 00b24e0 Oct 8, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is apparently the fix for CVE-2023-3592. Is this also the fix for CVE-2023-0809?

I want to know as well, can't find fix for CVE-2023-0809. Would you @ralight please list the url of the fix for us ? (It would be nicer to explain briefly.)

Found CVE-2023-0809 fix at https://security-tracker.debian.org/tracker/CVE-2023-0809

fix commit url: a3c680f
@apoleon

Please sign in to comment.