BUG/MINOR: mqtt: Fix parser for string with more than 127 characters Parsing of too long strings (> 127 characters) was buggy because of a wrong cast on the length bytes. To fix the bug, we rely on mqtt_read_2byte_int() function. This way, the string length is properly decoded. This patch should partely fix the issue #1310. It must be backported to 2.4. (cherry picked from commit ca925c9c28934739311210a1cc5e19fab972c5fa) Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

commit: edf94cbc52553abbb43e64686bfba024d4d62cff [log] [tgz]
author: Christopher Faulet <cfaulet@haproxy.com> Mon Jun 28 15:26:00 2021 +0200
committer: Christopher Faulet <cfaulet@haproxy.com> Mon Jun 28 16:33:37 2021 +0200
tree: 1a762df54841013a26461ab6a985db46176878fc
parent: b3cb3221e5dabc73deec942a3475ef21289853bd [diff] [blame]
diff --git a/src/mqtt.c b/src/mqtt.c
index 7679cba..8a6b6a0 100644
--- a/src/mqtt.c
+++ b/src/mqtt.c

@@ -288,15 +288,14 @@
  */
 static inline struct ist mqtt_read_string(struct ist parser, struct ist *str)
 {
-	uint16_t len;
+	uint16_t len = 0;
 
 	/* read and compute the string length */
 	if (istlen(parser) <= 2)
 		goto error;
 
-	len = ((uint16_t)*istptr(parser) << 8) + (uint16_t)*(istptr(parser) + 1);
-	parser = istadv(parser, 2);
-	if (istlen(parser) < len)
+	parser = mqtt_read_2byte_int(parser, &len);
+	if (!isttest(parser) || istlen(parser) < len)
 		goto error;
 
 	if (str) {
commit	edf94cbc52553abbb43e64686bfba024d4d62cff	[log] [tgz]
author	Christopher Faulet <cfaulet@haproxy.com>	Mon Jun 28 15:26:00 2021 +0200
committer	Christopher Faulet <cfaulet@haproxy.com>	Mon Jun 28 16:33:37 2021 +0200
tree	1a762df54841013a26461ab6a985db46176878fc
parent	b3cb3221e5dabc73deec942a3475ef21289853bd [diff] [blame]