Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / edf94cbc52553abbb43e64686bfba024d4d62cff^! / .
commitedf94cbc52553abbb43e64686bfba024d4d62cff[log] [tgz]
authorChristopher Faulet <cfaulet@haproxy.com>Mon Jun 28 15:26:00 2021 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Mon Jun 28 16:33:37 2021 +0200
tree1a762df54841013a26461ab6a985db46176878fc
parentb3cb3221e5dabc73deec942a3475ef21289853bd [diff]
BUG/MINOR: mqtt: Fix parser for string with more than 127 characters

Parsing of too long strings (> 127 characters) was buggy because of a wrong
cast on the length bytes. To fix the bug, we rely on mqtt_read_2byte_int()
function. This way, the string length is properly decoded.

This patch should partely fix the issue #1310. It must be backported to 2.4.

(cherry picked from commit ca925c9c28934739311210a1cc5e19fab972c5fa)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/reg-tests/converter/mqtt.vtc b/reg-tests/converter/mqtt.vtc
index 15d03ed..5981824 100644
--- a/reg-tests/converter/mqtt.vtc
+++ b/reg-tests/converter/mqtt.vtc

@@ -4,8 +4,8 @@
 feature ignore_unknown_macro
 
 server s1 {
-    # MQTT 3.1.1 CONNECT packet (id: test_sub)
-    recv 22
+    # MQTT 3.1.1 CONNECT packet (id: test_subaaaaaa... [len = 200])
+    recv 215
     sendhex "20020000"
     close
 
@@ -114,7 +114,7 @@
 
 client c1_311_1 -connect ${h1_fe1_sock} {
     # Valid MQTT 3.1.1 CONNECT packet (id: test_sub)
-    sendhex "101400044d5154540402003c0008746573745f737562"
+    sendhex "10d40100044d5154540402003c00c8746573745f737562616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161"
     recv 4
     expect_close
 } -run

diff --git a/src/mqtt.c b/src/mqtt.c
index 7679cba..8a6b6a0 100644
--- a/src/mqtt.c
+++ b/src/mqtt.c

@@ -288,15 +288,14 @@
  */
 static inline struct ist mqtt_read_string(struct ist parser, struct ist *str)
 {
-	uint16_t len;
+	uint16_t len = 0;
 
 	/* read and compute the string length */
 	if (istlen(parser) <= 2)
 		goto error;
 
-	len = ((uint16_t)*istptr(parser) << 8) + (uint16_t)*(istptr(parser) + 1);
-	parser = istadv(parser, 2);
-	if (istlen(parser) < len)
+	parser = mqtt_read_2byte_int(parser, &len);
+	if (!isttest(parser) || istlen(parser) < len)
 		goto error;
 
 	if (str) {