Update to 2.0.16 for fix CVE-2021-34431,CVE-2023-28366 and CVE-2023-3592

(cherry picked from commit 09b3eaa26a91b6c0ff9d451eabecc9b821d662db)
2023-09-13 15:11:27 +08:00 · 2023-09-13 15:11:27 +08:00 · adda309742
commit adda309742
parent 77ac510aa8
6 changed files with 26 additions and 208 deletions
--- a/CVE-2021-34432.patch
+++ b/CVE-2021-34432.patch
@ -1,62 +0,0 @@
 From 9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6 Mon Sep 17 00:00:00 2001
 From: "Roger A. Light" <roger@atchoo.org>
 Date: Tue, 9 Feb 2021 14:09:53 +0000
 Subject: [PATCH] Fix mosquitto_{pub|sub}_topic_check() function returns.
 The would not return MOSQ_ERR_INVAL on topic == NULL.
 ---
 ChangeLog.txt    |  5 +++++
 lib/util_topic.c | 19 ++++++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
 diff --git a/lib/util_topic.c b/lib/util_topic.c
 index fc24f0d1c..62b531127 100644
 --- a/lib/util_topic.c
 +++ b/lib/util_topic.c
@@ -54,6 +54,11 @@ int mosquitto_pub_topic_check(const char *str)
 #ifdef WITH_BROKER
 	int hier_count = 0;
 #endif
 +
 +	if(str == NULL){
 +		return MOSQ_ERR_INVAL;
 +	}
 +
 	while(str && str[0]){
 		if(str[0] == '+' || str[0] == '#'){
 			return MOSQ_ERR_INVAL;
@@ -81,7 +86,9 @@ int mosquitto_pub_topic_check2(const char *str, size_t len)
 	int hier_count = 0;
 #endif
 -	if(len > 65535) return MOSQ_ERR_INVAL;
 +	if(str == NULL || len > 65535){
 +		return MOSQ_ERR_INVAL;
 +	}
 	for(i=0; i<len; i++){
 		if(str[i] == '+' || str[i] == '#'){
@@ -115,7 +122,11 @@ int mosquitto_sub_topic_check(const char *str)
 	int hier_count = 0;
 #endif
 -	while(str && str[0]){
 +	if(str == NULL){
 +		return MOSQ_ERR_INVAL;
 +	}
 +
 +	while(str[0]){
 		if(str[0] == '+'){
 			if((c != '\0' && c != '/') || (str[1] != '\0' && str[1] != '/')){
 				return MOSQ_ERR_INVAL;
@@ -150,7 +161,9 @@ int mosquitto_sub_topic_check2(const char *str, size_t len)
 	int hier_count = 0;
 #endif
 -	if(len > 65535) return MOSQ_ERR_INVAL;
 +	if(str == NULL || len > 65535){
 +		return MOSQ_ERR_INVAL;
 +	}
 	for(i=0; i<len; i++){
 		if(str[i] == '+'){
--- a/CVE-2021-41039.patch
+++ b/CVE-2021-41039.patch
@ -1,121 +0,0 @@
 From 1eb3d438f7cb658a1aa52ea5d7ff8b721fd4f0cc Mon Sep 17 00:00:00 2001
 From: "Roger A. Light" <roger@atchoo.org>
 Date: Tue, 10 Aug 2021 20:48:21 +0100
 Subject: [PATCH] Fix CONNECT performance with many user-properties.
 ---
 lib/property_mosq.c              | 14 ++++-----
 test/broker/01-connect-575314.py | 49 ++++++++++++++++++++++++++++++++
 test/broker/Makefile             |  1 +
 test/broker/test.py              |  1 +
 4 files changed, 58 insertions(+), 7 deletions(-)
 create mode 100755 test/broker/01-connect-575314.py
 diff --git a/lib/property_mosq.c b/lib/property_mosq.c
 index 859e28b..6eccdbd 100644
 --- a/lib/property_mosq.c
 +++ b/lib/property_mosq.c
@@ -878,14 +878,14 @@ int mosquitto_property_check_all(int command, const mosquitto_property *properti
 		if(rc) return rc;
 		/* Check for duplicates */
 -		tail = p->next;
 -		while(tail){
 -			if(p->identifier == tail->identifier
 -					&& p->identifier != MQTT_PROP_USER_PROPERTY){
 -
 -				return MOSQ_ERR_DUPLICATE_PROPERTY;
 +		if(p->identifier != MQTT_PROP_USER_PROPERTY){
 +			tail = p->next;
 +			while(tail){
 +				if(p->identifier == tail->identifier){
 +					return MOSQ_ERR_DUPLICATE_PROPERTY;
 +				}
 +				tail = tail->next;
 			}
 -			tail = tail->next;
 		}
 		p = p->next;
 diff --git a/test/broker/01-connect-575314.py b/test/broker/01-connect-575314.py
 new file mode 100755
 index 0000000..4a8f314
 --- /dev/null
 +++ b/test/broker/01-connect-575314.py
@@ -0,0 +1,49 @@
 +#!/usr/bin/env python3
 +
 +# Check for performance of processing user-property on CONNECT
 +
 +from mosq_test_helper import *
 +
 +def do_test():
 +    rc = 1
 +    props = mqtt5_props.gen_string_pair_prop(mqtt5_props.PROP_USER_PROPERTY, "key", "value")
 +    for i in range(0, 20000):
 +        props += mqtt5_props.gen_string_pair_prop(mqtt5_props.PROP_USER_PROPERTY, "key", "value")
 +    connect_packet_slow = mosq_test.gen_connect("connect-user-property", proto_ver=5, properties=props)
 +    connect_packet_fast = mosq_test.gen_connect("a"*65000, proto_ver=5)
 +    connack_packet = mosq_test.gen_connack(rc=0, proto_ver=5)
 +
 +    port = mosq_test.get_port()
 +    broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port)
 +
 +    try:
 +        t_start = time.monotonic()
 +        sock = mosq_test.do_client_connect(connect_packet_slow, connack_packet, port=port)
 +        t_stop = time.monotonic()
 +        sock.close()
 +
 +        t_diff_slow = t_stop - t_start
 +
 +        t_start = time.monotonic()
 +        sock = mosq_test.do_client_connect(connect_packet_fast, connack_packet, port=port)
 +        t_stop = time.monotonic()
 +        sock.close()
 +
 +        t_diff_fast = t_stop - t_start
 +        # 20 is chosen as a factor that works in plain mode and running under
 +        # valgrind. The slow performance manifests as a factor of >100. Fast is <10.
 +        if t_diff_slow / t_diff_fast < 20:
 +            rc = 0
 +    except mosq_test.TestError:
 +        pass
 +    finally:
 +        broker.terminate()
 +        broker.wait()
 +        (stdo, stde) = broker.communicate()
 +        if rc:
 +            print(stde.decode('utf-8'))
 +            exit(rc)
 +
 +
 +do_test()
 +exit(0)
 diff --git a/test/broker/Makefile b/test/broker/Makefile
 index fa889ce..f560b6e 100644
 --- a/test/broker/Makefile
 +++ b/test/broker/Makefile
@@ -20,6 +20,7 @@ ptest : test-compile
 test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12
 01 :
 +	./01-connect-575314.py
 	./01-connect-anon-denied.py
 	./01-connect-bad-packet.py
 	./01-connect-disconnect-v5.py
 diff --git a/test/broker/test.py b/test/broker/test.py
 index 9a22262..6703f4b 100755
 --- a/test/broker/test.py
 +++ b/test/broker/test.py
@@ -5,6 +5,7 @@ import ptest
 tests = [
     #(ports required, 'path'),
 +    (1, './01-connect-575314.py'),
     (1, './01-connect-anon-denied.py'),
     (1, './01-connect-bad-packet.py'),
     (1, './01-connect-disconnect-v5.py'),
 -- 
 2.30.0
--- a/fix-usage-exit-code.patch
+++ b/fix-usage-exit-code.patch
@ -1,6 +1,6 @@
-From 55ff763724f71e84ead9b0352506653dbb1c8d69 Mon Sep 17 00:00:00 2001
+From 97cef5c831be58770f4a298023d358bd225601d4 Mon Sep 17 00:00:00 2001
 From: lingsheng <lingsheng@huawei.com>
-Date: Thu, 30 Sep 2021 15:31:46 +0800
+Date: Wed, 10 May 2023 15:02:00 +0800
 Subject: [PATCH] fix usage exit code
 ---
@ -10,10 +10,10 @@ Subject: [PATCH] fix usage exit code
 3 files changed, 11 insertions(+)
 diff --git a/client/pub_client.c b/client/pub_client.c
-index 59162a2..4ad2fb3 100644
+index 7822e27..7e2d910 100644
 --- a/client/pub_client.c
 +++ b/client/pub_client.c
-@@ -491,6 +491,10 @@ int main(int argc, char *argv[])
+@@ -526,6 +526,10 @@ int main(int argc, char *argv[])
 		if(rc == 2){
 			/* --help */
 			print_usage();
@ -21,38 +21,38 @@ index 59162a2..4ad2fb3 100644
 +			client_config_cleanup(&cfg);
 +			pub_shared_cleanup();
 +			return 0;
 		}else if(rc == 3){
 			print_version();
 		}else{
 			fprintf(stderr, "\nUse 'mosquitto_pub --help' to see usage.\n");
 		}
 diff --git a/client/rr_client.c b/client/rr_client.c
-index dec9468..180d3b8 100644
+index e74536f..fc90803 100644
 --- a/client/rr_client.c
 +++ b/client/rr_client.c
-@@ -267,6 +267,9 @@ int main(int argc, char *argv[])
+@@ -316,6 +316,9 @@ int main(int argc, char *argv[])
 		if(rc == 2){
 			/* --help */
 			print_usage();
 +			mosquitto_lib_cleanup();
 +			client_config_cleanup(&cfg);
 +			return 0;
- 		}else{
+ 		}else if(rc == 3){
- 			fprintf(stderr, "\nUse 'mosquitto_rr --help' to see usage.\n");
+ 			/* --version */
- 		}
+ 			print_version();
 diff --git a/client/sub_client.c b/client/sub_client.c
-index fb26638..5f4ac5f 100644
+index 4ff3bf9..80f778f 100644
 --- a/client/sub_client.c
 +++ b/client/sub_client.c
-@@ -294,6 +294,10 @@ int main(int argc, char *argv[])
+@@ -331,6 +331,10 @@ int main(int argc, char *argv[])
 		if(rc == 2){
 			/* --help */
 			print_usage();
-+			mosquitto_destroy(mosq);
+			mosquitto_destroy(g_mosq);
 +			mosquitto_lib_cleanup();
 +			client_config_cleanup(&cfg);
 +			return 0;
- 		}else{
+ 		}else if(rc == 3){
- 			fprintf(stderr, "\nUse 'mosquitto_sub --help' to see usage.\n");
+ 			/* --version */
- 		}
+ 			print_version();
 -- 
-2.23.0
+2.33.0
--- a/mosquitto-1.6.15.tar.gz
+++ b/mosquitto-1.6.15.tar.gz
--- a/mosquitto-2.0.16.tar.gz
+++ b/mosquitto-2.0.16.tar.gz
--- a/mosquitto.spec
+++ b/mosquitto.spec
@ -1,16 +1,14 @@
 Name:                mosquitto
-Version:             1.6.15
+Version:             2.0.16
-Release:             6
+Release:             1
 Summary:             Open Source MQTT v3.1/v3.1.1 Broker
-License:             BSD
+License:             EPL-1.0
 URL:                 http://mosquitto.org/
 Source0:             http://mosquitto.org/files/source/%{name}-%{version}.tar.gz
 Patch0001:           add-usage-output.patch
 Patch0002:           fix-usage-exit-code.patch
 Patch0003:	     CVE-2021-41039.patch
 Patch0004:           CVE-2021-34432.patch
 BuildRequires:       c-ares-devel gcc-c++ libuuid-devel libwebsockets-devel openssl-devel
-BuildRequires:       systemd-devel
+BuildRequires:       systemd-devel cjson-devel
 BuildRequires:       make
 Provides:            bundled(uthash)
 Requires(pre):       shadow-utils
@ -72,7 +70,7 @@ exit 0
 %files
 %license LICENSE.txt
-%doc ChangeLog.txt CONTRIBUTING.md readme.md
+%doc ChangeLog.txt CONTRIBUTING.md README.md
 %{_bindir}/*
 %{_sbindir}/*
 %{_libdir}/*.so.*
@ -92,6 +90,9 @@ exit 0
 %{_mandir}/man3/*.3.*
 %changelog
 * Wed Sep 13 2023 yaoxin <yao_xin001@hoperun.com> - 2.0.16-1
 - Update to 2.0.16 for fix CVE-2021-34431,CVE-2023-28366 and CVE-2023-3592
 * Thu Feb 24 2022 yaoxin <yaoxin30@huawei.com> - 1.6.15-6
 - Fix CVE-2021-34432 and modify the CVE-2021-41039.patch.