New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Suscribe Long Topic Will Cause Broker Deny of Service (from 1.6.0 to 1.6.5) #1412
Comments
When testing test.mosquitto.org did not trigger the exception, sorry to bother. I will continue to check the cause of the exception on my server. |
Still happened! It's actually a horrible bug. Maybe related about user configuration. |
…flow. Closes #1412. Thanks to Ryan Shaw.
Fixed in the commit, I'll have to deal with this properly tomorrow. Thanks for the report. |
…flow. Closes #1412. Thanks to Ryan Shaw.
…flow. Closes #1412. Thanks to Ryan Shaw.
…flow. Closes #1412. Thanks to Ryan Shaw.
This should be CVE-2019-11779 comparing with https://mosquitto.org/files/cve/2019-11779/ |
When will these new packages be published in the repo |
@robertobarreda 1.6.7 includes this fix, 1.5.x you can patch yourself. |
In code lib/util_topic.c.
The first function is used to implement topic string filtering, causing problems with filtering long strings.
Testing:
Ubuntu 16.04 x86_64 / mosquitto 1.6.4 (apt-get.).
PoC:
By sending 65535 bytes of the same acceptable topic character (
/
), forcing the program to get stuck in the loop, causing SEGV.Broker will not work properly when subscribers continue to subscribe the malicious topic.
There are still many broker servers around the world that do not have authentication enabled or under best practices, and this DoS will have a potential (or direct) impact on MQTT services.
The text was updated successfully, but these errors were encountered: