reading mosquitto.conf with line > 1023 chars does unexpected things (with patch) #652
Comments
You are right. But try "openssl ciphers shortening strings" may minimize the length of the list of valid ciphers. See mosquitto.conf and https://www.openssl.org/docs/man1.0.2/apps/ciphers.html for details.
I think 3 things should be done.
Here is the fix (fully tested), but I can make a pull request if you want that. Best regards,
Thanks for the report and the patch, I've fixed it in a slightly different way that means it should never be a problem again.
While testing TLS I added a line:
ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E.......
The line is 1600 chars long, and the config reader fails unexpectedly:
Error: Unable to open configuration file.
Error: Unknown configuration variable ":DHE-RSA-CAMELLIA128-SHA:DHE-DSS-...
It also fails if the ciphers line starts with # and is commented out.
Any line longer than 1023 will be read as a new configuration line starting at byte 1024... this has unexpected consequences (reading commented content as if it had not been commented out, possible security implications?).
The problem is in src/conf.c line 572
mosquitto/src/conf.c
Line 572 in 46630e7
the buffer is on the stack:
mosquitto/src/conf.c
Line 543 in 46630e7
I could fix this and submit a patch if you like that. (please say so)
For my test setup I will just hack the buffer to 4096 bytes for now and continue testing.
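The behaviour reported above, as an added example (not mosquitto's code and not the fix that was applied upstream): a reader that treats each `fgets()` return from a 1024-byte buffer as a whole line acts on the tail of an over-long commented-out line, while a reader that checks for a missing newline rejects the file. The function names, the `some_option on` directive and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CONF_BUF 1024 /* fixed buffer: fgets() returns at most 1023 chars per call */

/* Constructed input: ONE commented-out line, '#' plus filler up to comment_len
   chars, immediately followed by `tail` and a newline. Written to a tmpfile(). */
static FILE *conf_from_comment(size_t comment_len, const char *tail) {
    FILE *f = tmpfile();
    if (!f) return NULL;
    fputc('#', f);
    for (size_t i = 1; i < comment_len; i++) fputc('x', f);
    fprintf(f, "%s\n", tail);
    rewind(f);
    return f;
}

/* Naive reader: treats every fgets() return as a complete line. Returns how
   many chunks the parser would act on (not a comment, not blank). */
static int naive_active_lines(FILE *f) {
    char buf[CONF_BUF];
    int active = 0;
    while (fgets(buf, sizeof buf, f))
        if (buf[0] != '#' && buf[0] != '\n') active++;
    return active;
}

/* Checked reader: a full buffer with no trailing '\n' and more data behind it
   means the line was cut. Fail closed with -1 instead of parsing the tail. */
static int checked_active_lines(FILE *f) {
    char buf[CONF_BUF];
    int active = 0;
    while (fgets(buf, sizeof buf, f)) {
        size_t n = strlen(buf);
        if (n == sizeof buf - 1 && buf[n - 1] != '\n' && fgetc(f) != EOF)
            return -1; /* over-long line: reject the whole file */
        if (buf[0] != '#' && buf[0] != '\n') active++;
    }
    return active;
}

int main(void) {
    FILE *f = conf_from_comment(1023, "some_option on"); /* hypothetical directive */
    if (!f) return 1;
    printf("naive reader: %d active line(s)\n", naive_active_lines(f));
    rewind(f);
    printf("checked reader: %d\n", checked_active_lines(f));
    fclose(f);
    return 0;
}
```

Rejecting the file is one possible policy; growing the buffer until the newline is found is another.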