Commit ddf2b612dc4fbc5ea00cd3960215a380c76ed8ea
1 parent
d6af7d82
Check whether subscribe topic is valid UTF-8
And check QoS.
Showing
2 changed files
with
10 additions
and
0 deletions
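--- a/mqttpacket.cpp
+++ b/mqttpacket.cpp
@@ -334,7 +334,15 @@ void MqttPacket::handleSubscribe()
 {
 uint16_t topicLength = readTwoBytesToUInt16();
 std::string topic(readBytes(topicLength), topicLength);
+
+if (topic.empty() || !isValidUtf8(topic))
+throw ProtocolError("Subscribe topic not valid UTF-8.");
+
 char qos = readByte();
+
+if (qos > 2)
+throw ProtocolError("QoS is greater than 2, and/or reserved bytes in QoS field are not 0.");
+
 logger->logf(LOG_INFO, "Client '%s' subscribed to '%s'", sender->repr().c_str(), topic.c_str());
 sender->getThreadData()->getSubscriptionStore()->addSubscription(sender, topic, qos);
 subs_reponse_codes.push_back(qos);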
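Review bot: The new `if (qos > 2)` test in handleSubscribe does not reject bytes 0x80–0xFF on platforms where plain `char` is signed, because `char qos` is then negative and compares below 2; those values would go on to addSubscription and into subs_reponse_codes unchecked. Compare as unsigned instead, e.g. `if (static_cast<unsigned char>(qos) > 2)`, or add `qos < 0 ||` to the condition. The same signedness gap applies to `assert(max_qos <= 2)` in Session::writePacket in session.cpp. Separately, an empty topic is reported as "not valid UTF-8", which will mislead whoever reads the log; a distinct message for the empty case would help. The enclosing block starts and ends outside the hunk.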
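--- a/session.cpp
+++ b/session.cpp
@@ -33,6 +33,8 @@ void Session::assignActiveConnection(std::shared_ptr<Client> &client)
 
 void Session::writePacket(const MqttPacket &packet, char max_qos)
 {
+assert(max_qos <= 2);
+
 if (thread->authPlugin.aclCheck(client_id, username, packet.getTopic(), AclAccess::read) == AuthResult::success)
 {
 const char qos = std::min<char>(packet.getQos(), max_qos);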
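Review bot: `assert(max_qos <= 2)` at the top of Session::writePacket is compiled out when NDEBUG is defined, so in release builds nothing here stops an out-of-range `max_qos` from reaching `std::min<char>(packet.getQos(), max_qos)`. If the value can only come from subscriptions already validated in handleSubscribe, say so next to the assert, e.g. `// max_qos is validated at subscribe time; this assert is a debug-only invariant check`. Otherwise an explicit runtime check would be the safer choice. Whether `<cassert>` is included is not visible in this hunk, and writePacket's body continues past it.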