mosquitto/CVE-2023-3592.patch

From 00b24e0eb0686e9a76feb71fdaee650cb7e612fa Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Fri, 7 Jul 2023 23:41:04 +0100
Subject: [PATCH] Fix memory leak when clients send v5 CONNECT packets.

This occurs when they have a will message that contains invalid property
types.
---
 src/property_broker.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/property_broker.c b/src/property_broker.c
index a2147d0..5e4bb38 100644
--- a/src/property_broker.c
+++ b/src/property_broker.c
@@ -101,6 +101,7 @@ int property__process_will(struct mosquitto *context, struct mosquitto_message_a
 				break;
 
 			default:
+				msg->properties = msg_properties;
 				return MOSQ_ERR_PROTOCOL;
 				break;
 		}
-- 
2.30.0
Fix CVE-2023-3592 (cherry picked from commit d9a61f0cff06ec6021517835613784d976ef4109) 2023-12-27 15:04:45 +08:00			`From 00b24e0eb0686e9a76feb71fdaee650cb7e612fa Mon Sep 17 00:00:00 2001`
			`From: "Roger A. Light" <roger@atchoo.org>`
			`Date: Fri, 7 Jul 2023 23:41:04 +0100`
			`Subject: [PATCH] Fix memory leak when clients send v5 CONNECT packets.`

			`This occurs when they have a will message that contains invalid property`
			`types.`
			`---`
			`src/property_broker.c \| 1 +`
			`1 file changed, 1 insertion(+)`

			`diff --git a/src/property_broker.c b/src/property_broker.c`
			`index a2147d0..5e4bb38 100644`
			`--- a/src/property_broker.c`
			`+++ b/src/property_broker.c`
			`@@ -101,6 +101,7 @@ int property__process_will(struct mosquitto *context, struct mosquitto_message_a`
			`break;`

			`default:`
			`+ msg->properties = msg_properties;`
			`return MOSQ_ERR_PROTOCOL;`
			`break;`
			`}`
			`--`
			`2.30.0`