Fix memory leak when clients send v5 CONNECT packets.

This occurs when they have a will message that contains invalid property types.

Fix memory leak when clients send v5 CONNECT packets.
This occurs when they have a will message that contains invalid property types.
00b24e0e · Roger A. Light · 4f9002c5 · 00b24e0e · 00b24e0e
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

ChangeLog.txt ChangeLog.txt +2 -0

src/property_broker.c src/property_broker.c +1 -0

未找到文件。
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -2,6 +2,8 @@ Security:
 - CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
  messages with the same message ID, but then never respond to the PUBREC
  commands.
+- CVE-xxxx-xxxxx: Fix memory leak when clients send v5 CONNECT packets with a
+  will message that contains invalid property types.
 - Broker will now reject Will messages that attempt to publish to $CONTROL/.
 - Broker now validates usernames provided in a TLS certificate or TLS-PSK
  identity are valid UTF-8.

--- a/src/property_broker.c
+++ b/src/property_broker.c
@@ -103,6 +103,7 @@ int property__process_will(struct mosquitto *context, struct mosquitto_message_a
 				break;

 			default:
+				msg->properties = msg_properties;
 				return MOSQ_ERR_PROTOCOL;
 				break;
 		}