Further fix for CVE-2023-28366.

Roger A. Light
2025-02-27 16:31:00 +00:00
parent 6a667172b8
commit 664ca4eb16
2 changed files with 2 additions and 0 deletions


@@ -4,6 +4,7 @@
Security:
- Fix leak on malicious SUBSCRIBE by authenticated client.
Closes eclipse #248.
- Further fix for CVE-2023-28366.
Broker:
- Fix clients sending a RESERVED packet not being quickly disconnected.


@@ -155,6 +155,7 @@ int packet__queue(struct mosquitto *mosq, struct mosquitto__packet *packet)
#ifdef WITH_BROKER
if(db.config->max_queued_messages > 0 && mosq->out_packet_count >= db.config->max_queued_messages){
packet__cleanup(packet);
mosquitto__free(packet);
if(mosq->is_dropping == false){
mosq->is_dropping = true;