Check return value of openssl ASN1_string_[get0_]data() functions for NULL.

This prevents a crash in case of incorrect certificate handling in openssl.

Closes #3390. Thanks to Qingpeng Du.
Roger A. Light
2025-10-11 20:29:51 +01:00
parent f3a9fbb78c
commit a0fa07f9ed
3 changed files with 13 additions and 3 deletions


@@ -805,7 +805,7 @@ int handle__connect(struct mosquitto *context)
#else
new_username = (const char *) ASN1_STRING_get0_data(name_asn1);
#endif
if(mosquitto_validate_utf8(new_username, (int)strlen(new_username))){
if(!new_username || mosquitto_validate_utf8(new_username, (int)strlen(new_username))){
if(context->protocol == mosq_p_mqtt5){
send__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);
}else{
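Review bot: The length passed to `mosquitto_validate_utf8()` on the changed line still comes from `strlen(new_username)`, so validation stops at the first NUL byte instead of covering the whole ASN.1 value. OpenSSL documents that the buffer returned by `ASN1_STRING_data()`/`ASN1_STRING_get0_data()` is not guaranteed to be NUL-terminated and may contain embedded NULs, so the length is better taken from the string object: `if(!new_username || mosquitto_validate_utf8(new_username, ASN1_STRING_length(name_asn1))){`. The same truncation applies to `mosquitto__strdup(username)` in the `mosquitto_security_apply_default` hunk, which copies only up to the first NUL. `handle__connect` continues outside this hunk, so a later comparison of `ASN1_STRING_length()` against the copied string may already exist; if so, a one-line comment here pointing to it would make the reliance explicit.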


@@ -1200,10 +1200,17 @@ int mosquitto_security_apply_default(void)
continue;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
context->username = mosquitto__strdup((char *) ASN1_STRING_data(name_asn1));
const char *username = (const char *)ASN1_STRING_data(name_asn1);
#else
context->username = mosquitto__strdup((char *) ASN1_STRING_get0_data(name_asn1));
const char *username = (const char *)ASN1_STRING_get0_data(name_asn1);
#endif
if(!username){
X509_free(client_cert);
client_cert = NULL;
security__disconnect_auth(context);
continue;
}
context->username = mosquitto__strdup(username);
if(!context->username){
X509_free(client_cert);
client_cert = NULL;
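Review bot: The CN is copied into `context->username` here after only a NULL check, whereas the `handle__connect` hunk also runs `mosquitto_validate_utf8()` on the same certificate field before accepting it. If this path can be reached for a certificate whose CN was not validated at connect time, the two paths would disagree about which usernames are accepted; making the guard `if(!username || mosquitto_validate_utf8(username, (int)strlen(username))){` would keep them consistent. The enclosing loop body starts and ends outside the hunk, so a validation step further down cannot be ruled out from here.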