Commit 962dec5e9b568e3a09250a60e63148243e525e16
1 parent
7e87fd91
Parsing read buffer is now probably fixed
Showing
1 changed file
with
8 additions
and
6 deletions
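--- a/client.cpp
+++ b/client.cpp
@@ -240,22 +240,24 @@ bool Client::bufferToMqttPackets(std::vector<MqttPacket> &packetQueueIn, Client_
 while (getReadBufBytesUsed() >= MQTT_HEADER_LENGH)
 {
 // Determine the packet length by decoding the variable length
-size_t remaining_length_i = 1;
+int remaining_length_i = ri + 1; // index of 'remaining length' field is one after start.
+size_t fixed_header_length = 1;
 int multiplier = 1;
 size_t packet_length = 0;
 unsigned char encodedByte = 0;
 do
 {
-if (remaining_length_i >= getReadBufBytesUsed())
-break;
-encodedByte = readbuf[ri + remaining_length_i++];
+fixed_header_length++;
+if (remaining_length_i >= wi)
+return false;
+encodedByte = readbuf[remaining_length_i++];
 packet_length += (encodedByte & 127) * multiplier;
 multiplier *= 128;
 if (multiplier > 128*128*128)
 return false;
 }
 while ((encodedByte & 128) != 0);
-packet_length += remaining_length_i;
+packet_length += fixed_header_length;
 
 if (!authenticated && packet_length >= 1024*1024)
 {
@@ -264,7 +266,7 @@ bool Client::bufferToMqttPackets(std::vector<MqttPacket> &packetQueueIn, Client_
 
 if (packet_length <= getReadBufBytesUsed())
 {
-MqttPacket packet(&readbuf[ri], packet_length, remaining_length_i, sender);
+MqttPacket packet(&readbuf[ri], packet_length, fixed_header_length, sender);
 packetQueueIn.push_back(std::move(packet));
 
 ri += packet_length;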
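Review bot: The new `return false` under `if (remaining_length_i >= wi)` reports a length field that has not fully arrived with the same value as the malformed-length `return false` after the `multiplier` check, so the caller cannot tell "wait for more bytes" from "protocol violation". The caller is not shown; if it treats false as an error, a client whose fixed header is split across two reads would be dropped, and if it treats false as "need more data", a peer sending a rejected length encoding would be kept rather than disconnected. At minimum, mark the two exits, e.g. `// length field not fully buffered yet: wait for more data` on the first and `// length encoding rejected as malformed` on the second, or signal them differently. Separately, `remaining_length_i` changed from `size_t` to `int` although it indexes `readbuf` and is compared with `wi`; `size_t remaining_length_i = ri + 1;` would avoid a mixed-sign comparison if `ri` and `wi` are unsigned (their declarations are outside the hunks). The body of `bufferToMqttPackets` starts and ends outside both hunks.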