Fix leak on crafted MQTT v5 CONNECT.

If a MQTT v5 client connects with a crafted CONNECT packet a memory leak will occur. Thanks to Kathrin Kleinhammer.
eclipse · Jun 8, 2021 · 4216363 · 4216363
1 parent 403691c
commit 4216363
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 1 deletion.
diff --git a/ChangeLog.txt b/ChangeLog.txt
@@ -1,6 +1,10 @@
-2.0.11 - 2021-xx-xx
+2.0.11 - 2021-06-08
 ===================
 
+Security:
+- If a MQTT v5 client connects with a crafted CONNECT packet a memory leak
+ will occur. This has been fixed.
+
 Broker:
 - Fix possible crash having just upgraded from 1.6 if `per_listener_settings
  true` is set, and a SIGHUP is sent to the broker before a client has

diff --git a/src/handle_connect.c b/src/handle_connect.c
@@ -924,11 +924,13 @@ int handle__connect(struct mosquitto *context)
  mosquitto__free(will_struct->msg.topic);
  mosquitto__free(will_struct);
  }
+ context->will = NULL;
 #ifdef WITH_TLS
  if(client_cert) X509_free(client_cert);
 #endif
  /* We return an error here which means the client is freed later on. */
  context->clean_start = true;
  context->session_expiry_interval = 0;
+ context->will_delay_interval = 0;
  return rc;
 }
diff --git a/test/broker/Makefile b/test/broker/Makefile
@@ -135,6 +135,7 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14
  ./06-bridge-reconnect-local-out.py
 
 07 :
+ ./07-will-delay-invalid-573191.py
  ./07-will-delay-reconnect.py
  ./07-will-delay-recover.py
  ./07-will-delay-session-expiry.py

diff --git a/test/broker/test.py b/test/broker/test.py
@@ -114,6 +114,7 @@
  (3, './06-bridge-per-listener-settings.py'),
  (2, './06-bridge-reconnect-local-out.py'),
 
+ (1, './07-will-delay-invalid-573191.py'),
  (1, './07-will-delay-reconnect.py'),
  (1, './07-will-delay-recover.py'),
  (1, './07-will-delay-session-expiry.py'),