Fix CVE-2021-34432 and modify the CVE-2021-41039.patch

(cherry picked from commit 1d819807241ef62087c7af424c251aa761ce7cfe)
2022-02-24 20:03:44 +08:00 · 2022-02-24 20:03:44 +08:00 · 4a4973a50e
commit 4a4973a50e
parent 64680f98c0
3 changed files with 74 additions and 1204 deletions
--- a/CVE-2021-34432.patch
+++ b/CVE-2021-34432.patch
@ -0,0 +1,62 @@
+From 9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6 Mon Sep 17 00:00:00 2001
+From: "Roger A. Light" <roger@atchoo.org>
+Date: Tue, 9 Feb 2021 14:09:53 +0000
+Subject: [PATCH] Fix mosquitto_{pub|sub}_topic_check() function returns.
+
+The would not return MOSQ_ERR_INVAL on topic == NULL.
+---
+ ChangeLog.txt    |  5 +++++
+ lib/util_topic.c | 19 ++++++++++++++++---
+ 2 files changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/lib/util_topic.c b/lib/util_topic.c
+index fc24f0d1c..62b531127 100644
+--- a/lib/util_topic.c
+++ b/lib/util_topic.c
+@@ -54,6 +54,11 @@ int mosquitto_pub_topic_check(const char *str)
+ #ifdef WITH_BROKER
+ 	int hier_count = 0;
+ #endif
+
+	if(str == NULL){
+		return MOSQ_ERR_INVAL;
+	}
+
+ 	while(str && str[0]){
+ 		if(str[0] == '+' || str[0] == '#'){
+ 			return MOSQ_ERR_INVAL;
+@@ -81,7 +86,9 @@ int mosquitto_pub_topic_check2(const char *str, size_t len)
+ 	int hier_count = 0;
+ #endif
+ 
+-	if(len > 65535) return MOSQ_ERR_INVAL;
+	if(str == NULL || len > 65535){
+		return MOSQ_ERR_INVAL;
+	}
+ 
+ 	for(i=0; i<len; i++){
+ 		if(str[i] == '+' || str[i] == '#'){
+@@ -115,7 +122,11 @@ int mosquitto_sub_topic_check(const char *str)
+ 	int hier_count = 0;
+ #endif
+ 
+-	while(str && str[0]){
+	if(str == NULL){
+		return MOSQ_ERR_INVAL;
+	}
+
+	while(str[0]){
+ 		if(str[0] == '+'){
+ 			if((c != '\0' && c != '/') || (str[1] != '\0' && str[1] != '/')){
+ 				return MOSQ_ERR_INVAL;
+@@ -150,7 +161,9 @@ int mosquitto_sub_topic_check2(const char *str, size_t len)
+ 	int hier_count = 0;
+ #endif
+ 
+-	if(len > 65535) return MOSQ_ERR_INVAL;
+	if(str == NULL || len > 65535){
+		return MOSQ_ERR_INVAL;
+	}
+ 
+ 	for(i=0; i<len; i++){
+ 		if(str[i] == '+'){
--- a/CVE-2021-41039.patch
+++ b/CVE-2021-41039.patch
--- a/mosquitto.spec
+++ b/mosquitto.spec
@ -1,6 +1,6 @@
 Name:                mosquitto
 Version:             1.6.15
-Release:             5
+Release:             6
 Summary:             Open Source MQTT v3.1/v3.1.1 Broker
 License:             BSD
 URL:                 http://mosquitto.org/
@ -8,6 +8,7 @@ Source0:             http://mosquitto.org/files/source/%{name}-%{version}.tar.gz
 Patch0001:           add-usage-output.patch
 Patch0002:           fix-usage-exit-code.patch
 Patch0003:	     CVE-2021-41039.patch
+Patch0004:           CVE-2021-34432.patch
 BuildRequires:       c-ares-devel gcc-c++ libuuid-devel libwebsockets-devel openssl-devel
 BuildRequires:       systemd-devel
 BuildRequires:       make
@ -91,6 +92,9 @@ exit 0
 %{_mandir}/man3/*.3.*

 %changelog
+* Thu Feb 24 2022 yaoxin <yaoxin30@huawei.com> - 1.6.15-6
+- Fix CVE-2021-34432 and modify the CVE-2021-41039.patch.
+
 * Thu Dec 30 2021 houyingchao <houyingchao@huawei.com> - 1.6.15-5
 - Fix CVE-2021-41039