Fix oss-fuzz 67175, 67180, 67191

Embedded 0 characters in a file would prevent the loading of that file. This could not happen apart from corruption of the file, or by deliberate manipulation by the admin. Minimal impact.
eclipse · Mar 4, 2024 · 9f7b23c · 9f7b23c
1 parent 2762a87
commit 9f7b23c
Show file tree

Hide file tree

Showing 9 changed files with 20 additions and 8 deletions.
diff --git a/apps/mosquitto_passwd/Makefile b/apps/mosquitto_passwd/Makefile
@@ -17,7 +17,8 @@ OBJS_EXTERNAL= \
  memory_mosq.o \
  memory_public.o \
  misc_mosq.o \
- password_mosq.o
+ password_mosq.o \
+ utf8_mosq.o
 
 
 ifeq ($(WITH_TLS),yes)
@@ -54,6 +55,9 @@ misc_mosq.o : ${R}/common/misc_mosq.c ${R}/common/misc_mosq.h
 password_mosq.o : ${R}/common/password_mosq.c ${R}/common/password_mosq.h
  ${CROSS_COMPILE}${CC} ${LOCAL_CPPFLAGS} $(LOCAL_CFLAGS) -c $< -o $@
 
+utf8_mosq.o : ${R}/common/utf8_mosq.c
+ ${CROSS_COMPILE}${CC} $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@
+
 install : all
 ifeq ($(WITH_TLS),yes)
  $(INSTALL) -d "${DESTDIR}$(prefix)/bin"

diff --git a/common/misc_mosq.c b/common/misc_mosq.c
@@ -284,6 +284,11 @@ char *fgets_extending(char **buf, int *buflen, FILE *stream)
  if(endchar == '\n'){
  return rc;
  }
+ if((int)(len+1) < *buflen){
+ /* Embedded nulls, invalid string */
+ return NULL;
+ }
+
  /* No EOL char found, so extend buffer */
  offset = (*buflen)-1;
  *buflen += 1000;

diff --git a/lib/utf8_mosq.c → common/utf8_mosq.c b/lib/utf8_mosq.c → common/utf8_mosq.c
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
@@ -50,7 +50,7 @@ set(C_SRC
  thread_mosq.c
  ../common/time_mosq.c ../common/time_mosq.h
  tls_mosq.c
- utf8_mosq.c
+ ../common/utf8_mosq.c
  util_mosq.c util_topic.c util_mosq.h
  will_mosq.c will_mosq.h)
 

diff --git a/lib/Makefile b/lib/Makefile
@@ -81,7 +81,6 @@ OBJS= \
  strings_mosq.o \
  thread_mosq.o \
  tls_mosq.o \
- utf8_mosq.o \
  util_mosq.o \
  util_topic.o \
  will_mosq.o
@@ -90,7 +89,8 @@ OBJS_EXTERNAL= \
  base64_mosq.o \
  misc_mosq.o \
  password_mosq.o \
- time_mosq.o
+ time_mosq.o \
+ utf8_mosq.o
 
 ifeq ($(WITH_WEBSOCKETS),yes)
  OBJS_EXTERNAL+=${R}/deps/picohttpparser/picohttpparser.o
@@ -160,5 +160,8 @@ password_mosq.o : ${R}/common/password_mosq.c net_mosq.h
 time_mosq.o : ${R}/common/time_mosq.c ${R}/common/time_mosq.h
  ${CROSS_COMPILE}$(CC) $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@
 
+utf8_mosq.o : ${R}/common/utf8_mosq.c
+ ${CROSS_COMPILE}${CC} $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@
+
 ${R}/deps/picohttpparser/picohttpparser.o : ${R}/deps/picohttpparser/picohttpparser.c
  ${CROSS_COMPILE}$(CC) $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -77,7 +77,7 @@ set (MOSQ_SRCS
  ../lib/tls_mosq.c
  topic_tok.c
  ../lib/util_mosq.c ../lib/util_topic.c ../lib/util_mosq.h
- ../lib/utf8_mosq.c
+ ../common/utf8_mosq.c
  websockets.c
  will_delay.c
  ../lib/will_mosq.c ../lib/will_mosq.h

diff --git a/src/Makefile b/src/Makefile
@@ -247,7 +247,7 @@ util_mosq.o : ${R}/lib/util_mosq.c ${R}/lib/util_mosq.h
 util_topic.o : ${R}/lib/util_topic.c ${R}/lib/util_mosq.h
  ${CROSS_COMPILE}${CC} $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@
 
-utf8_mosq.o : ${R}/lib/utf8_mosq.c
+utf8_mosq.o : ${R}/common/utf8_mosq.c
  ${CROSS_COMPILE}${CC} $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@
 
 will_mosq.o : ${R}/lib/will_mosq.c ${R}/lib/will_mosq.h

diff --git a/test/unit/broker/Makefile b/test/unit/broker/Makefile
@@ -177,7 +177,7 @@ ${R}/src/util_mosq.o : ${R}/lib/util_mosq.c
 ${R}/src/util_topic.o : ${R}/lib/util_topic.c
  $(MAKE) -C ${R}/src/ util_topic.o
 
-${R}/src/utf8_mosq.o : ${R}/lib/utf8_mosq.c
+${R}/src/utf8_mosq.o : ${R}/common/utf8_mosq.c
  $(MAKE) -C ${R}/src/ utf8_mosq.o
 
 build : bridge_topic_test keepalive_test persist_read_test persist_write_test subs_test

diff --git a/test/unit/lib/Makefile b/test/unit/lib/Makefile
@@ -76,7 +76,7 @@ ${R}/lib/util_mosq.o : ${R}/lib/util_mosq.c
 ${R}/lib/util_topic.o : ${R}/lib/util_topic.c
  $(MAKE) -C ${R}/lib/ util_topic.o
 
-${R}/lib/utf8_mosq.o : ${R}/lib/utf8_mosq.c
+${R}/lib/utf8_mosq.o : ${R}/common/utf8_mosq.c
  $(MAKE) -C ${R}/lib/ utf8_mosq.o
 
 build : lib_test