Commit 0038d1ea109265d5e5aada14d197a2cea9adf4e8
1 parent
52cdff03
Check publish paths
Showing
3 changed files
with
24 additions
and
1 deletions
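--- a/mqttpacket.cpp
+++ b/mqttpacket.cpp
@@ -4,6 +4,8 @@
 #include <list>
 #include <cassert>
 
+#include "utils.h"
+
 RemainingLength::RemainingLength()
 {
 memset(bytes, 0, 4);
@@ -254,9 +256,14 @@ void MqttPacket::handlePublish(std::shared_ptr<SubscriptionStore> &subscriptionS
 if (qos == 3)
 throw ProtocolError("QoS 3 is a protocol violation.");
 
- // TODO: validate UTF8.
 std::string topic(readBytes(variable_header_length), variable_header_length);
 
+ if (!isValidUtf8(topic) || !isValidPublishPath(topic))
+ {
+ std::cerr << "Client " << sender->repr() << " sent topic with wildcards or invalid UTF8. Ignoring.";
+ return;
+ }
+
 if (qos)
 {
 throw ProtocolError("Qos not implemented.");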
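Review bot: The new guard in handlePublish drops a PUBLISH whose topic has wildcards or ill-formed UTF-8 with a bare `return`, while the QoS 3 check just above throws ProtocolError. MQTT 3.1.1 treats both cases as protocol violations on which the server closes the connection, so as written a misbehaving client stays connected and can keep sending such packets. Consider `throw ProtocolError("Topic name contains wildcards or is not valid UTF-8.");` instead, assuming the caller turns ProtocolError into a disconnect (not visible here). The log line also has no trailing newline, never mentions the empty-topic case that isValidPublishPath rejects, and writes `sender->repr()` as-is; if that string carries client-chosen fields such as the client id, strip control characters before logging it. handlePublish starts and ends outside the hunk.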
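--- a/utils.cpp
+++ b/utils.cpp
@@ -111,3 +111,17 @@ bool strContains(const std::string &s, const std::string &needle)
 {
 return s.find(needle) != std::string::npos;
 }
+
+bool isValidPublishPath(const std::string &s)
+{
+ if (s.empty())
+ return false;
+
+ for (const char c : s)
+ {
+ if (c == '#' || c == '+')
+ return false;
+ }
+
+ return true;
+}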
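Review bot: isValidPublishPath rejects empty topics and the `#`/`+` wildcards but lets an embedded U+0000 through, which MQTT 3.1.1 also forbids in topic names. Unless isValidUtf8 (not shown) already rejects it, extend the test to `if (c == '#' || c == '+' || c == '\0')`. The function also has no comment saying it applies to PUBLISH topic names only, whereas subscription filters legitimately contain wildcards; a line such as `// True when s is usable as a PUBLISH topic name: non-empty, no '#' or '+' wildcards.` above it would prevent misuse on the subscribe path. Topics beginning with `$` are accepted as well, so whether clients may publish there is a policy decision worth stating explicitly.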
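--- a/utils.h
+++ b/utils.h
@@ -27,4 +27,6 @@ bool isValidUtf8(const std::string &s);
 
 bool strContains(const std::string &s, const std::string &needle);
 
+bool isValidPublishPath(const std::string &s);
+
 #endif // UTILS_H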