blob: c6a4d9406e473e2eaeb3e7287c12e0fc7c0fa148 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Description: Fix for CVE-2018-12550
Author: Roger Light <roger@atchoo.org>
Forwarded: not-needed
Origin: upstream, https://mosquitto.org/files/cve/2018-12550/mosquitto-1.4.x_cve-2018-12550.patch
Index: mosquitto-1.4.10/src/security_default.c
===================================================================
--- mosquitto-1.4.10.orig/src/security_default.c
+++ mosquitto-1.4.10/src/security_default.c
@@ -231,7 +231,7 @@ int mosquitto_acl_check_default(struct m
char *s;
if(!db || !context || !topic) return MOSQ_ERR_INVAL;
- if(!db->acl_list && !db->acl_patterns) return MOSQ_ERR_SUCCESS;
+ if(!db->config->acl_file && !db->acl_list && !db->acl_patterns) return MOSQ_ERR_SUCCESS;
if(context->bridge) return MOSQ_ERR_SUCCESS;
if(!context->acl_list && !db->acl_patterns) return MOSQ_ERR_ACL_DENIED;
@@ -442,6 +442,10 @@ static int _aclfile_parse(struct mosquit
fclose(aclfile);
return 1;
}
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid line in acl_file \"%s\": %s.", db->config->acl_file, buf);
+ fclose(aclfile);
+ return 1;
}
}
}
|