Commit 0038d1ea109265d5e5aada14d197a2cea9adf4e8
1 parent
52cdff03
Check publish paths
Showing
3 changed files
with
24 additions
and
1 deletions
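--- a/mqttpacket.cpp
+++ b/mqttpacket.cpp
@@ -4,6 +4,8 @@
 #include <list>
 #include <cassert>
 
+#include "utils.h"
+
 RemainingLength::RemainingLength()
 {
 memset(bytes, 0, 4);
@@ -254,9 +256,14 @@ void MqttPacket::handlePublish(std::shared_ptr<SubscriptionStore> &subscriptionS
 if (qos == 3)
 throw ProtocolError("QoS 3 is a protocol violation.");
 
- // TODO: validate UTF8.
 std::string topic(readBytes(variable_header_length), variable_header_length);
 
+ if (!isValidUtf8(topic) || !isValidPublishPath(topic))
+ {
+ std::cerr << "Client " << sender->repr() << " sent topic with wildcards or invalid UTF8. Ignoring.";
+ return;
+ }
+
 if (qos)
 {
 throw ProtocolError("Qos not implemented.");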
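Review bot: The new rejection branch in handlePublish logs and returns, which leaves the connection open after a malformed PUBLISH, while the QoS 3 check a few lines above throws ProtocolError. MQTT 3.1.1 treats a wildcard in a PUBLISH topic name and ill-formed UTF-8 as protocol violations that require closing the network connection, so a client can keep sending bad topics and each one adds an unthrottled line to stderr. I would replace the log-and-return with `throw ProtocolError("Topic name contains wildcards or invalid UTF-8.");`, assuming ProtocolError leads to a disconnect as the QoS 3 case suggests. If the log line stays, it needs a trailing `'\n'`, since consecutive messages currently run together. handlePublish starts and ends outside the hunk.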
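--- a/utils.cpp
+++ b/utils.cpp
@@ -111,3 +111,17 @@ bool strContains(const std::string &s, const std::string &needle)
 {
 return s.find(needle) != std::string::npos;
 }
+
+bool isValidPublishPath(const std::string &s)
+{
+ if (s.empty())
+ return false;
+
+ for (const char c : s)
+ {
+ if (c == '#' || c == '+')
+ return false;
+ }
+
+ return true;
+}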
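Review bot: isValidPublishPath rejects empty names and the `#`/`+` wildcards but lets an embedded NUL byte through, which MQTT forbids in topic names and which can truncate the topic wherever it is later handled as a C string. Unless isValidUtf8 (not visible here) already rejects U+0000, the loop test should be `if (c == '#' || c == '+' || c == '\0')`. A one-line comment above the function, such as `// True when s is a non-empty topic name without wildcards; UTF-8 validity is checked separately.`, would also record that callers must pair it with isValidUtf8.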