Description: Fix for CVE-2018-12551
Author: Roger Light <roger@atchoo.org>
Forwarded: not-needed
Origin: upstream, https://mosquitto.org/files/cve/2018-12551/mosquitto-1.4.x_cve-2018-12551.patch
Index: mosquitto-1.4.10/src/security_default.c
===================================================================
--- mosquitto-1.4.10.orig/src/security_default.c
+++ mosquitto-1.4.10/src/security_default.c
@@ -556,6 +556,9 @@ static int _pwfile_parse(const char *fil
while(!feof(pwfile)){
if(fgets(buf, 256, pwfile)){
+ if(buf[0] == '#') continue;
+ if(!strchr(buf, ':')) continue;
+
username = strtok_r(buf, ":", &saveptr);
if(username){
unpwd = _mosquitto_calloc(1, sizeof(struct _mosquitto_unpwd));
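Review bot: The two new `continue` checks at lines 107–108 are applied per `fgets` call, and `fgets(buf, 256, pwfile)` at line 106 returns at most 255 bytes, so a line longer than that arrives in pieces and a later piece of a comment line (or of a long entry) can pass both checks and be parsed as a fresh entry, with whatever precedes its first ':' taken as the username. The skip should first establish that `buf` holds a whole line and discard the remainder of over-long lines instead of parsing their tails; the lines below do that before the existing checks (they also drop lines of 255 bytes or more, since the newline no longer fits). `_pwfile_parse`, the while loop and the declaration of `buf` all begin outside the hunk.
```c
if(fgets(buf, 256, pwfile)){
    if(!strchr(buf, '\n') && !feof(pwfile)){
        /* line did not fit in buf: drop the rest instead of parsing it as a new entry */
        int c;
        while((c = fgetc(pwfile)) != EOF && c != '\n'){
        }
        continue;
    }
    if(buf[0] == '#') continue;
    if(!strchr(buf, ':')) continue;
    /* … unchanged: strtok_r / entry construction … */
```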
@@ -588,8 +591,13 @@ static int _pwfile_parse(const char *fil
unpwd->password[len-1] = '\0';
len = strlen(unpwd->password);
}
+
+ HASH_ADD_KEYPTR(hh, *root, unpwd->username, strlen(unpwd->username), unpwd);
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_NOTICE, "Warning: Invalid line in password file '%s': %s", file, buf);
+ _mosquitto_free(unpwd->username);
+ _mosquitto_free(unpwd);
}
- HASH_ADD_KEYPTR(hh, *root, unpwd->username, strlen(unpwd->username), unpwd);
}
}
}
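Review bot: `HASH_ADD_KEYPTR` at line 118 inserts the entry without first checking whether `unpwd->username` is already present in `*root`; uthash does not reject duplicate keys, so a password file that lists a user twice would leave two entries under one key, and a later `HASH_DEL` on that user would unlink only one of them. A `HASH_FIND` on the username before the add, dropping and freeing the duplicate with a NOTICE the way the invalid-line branch does, closes that; the lines below show the shape. Separately, the NOTICE at line 120 formats `buf` after `strtok_r` has written a NUL over the first ':', so it logs only the username token rather than the offending line — `"Warning: Invalid line in password file '%s' for user '%s'"` would describe what is actually printed. `_pwfile_parse` and the `if` that this `else` belongs to start outside the hunk.
```c
struct _mosquitto_unpwd *existing = NULL;
HASH_FIND(hh, *root, unpwd->username, strlen(unpwd->username), existing);
if(existing){
    _mosquitto_log_printf(NULL, MOSQ_LOG_NOTICE, "Warning: Duplicate user '%s' in password file '%s', ignoring.", unpwd->username, file);
    _mosquitto_free(unpwd->password); /* presumably an owned copy like username — confirm */
    _mosquitto_free(unpwd->username);
    _mosquitto_free(unpwd);
}else{
    HASH_ADD_KEYPTR(hh, *root, unpwd->username, strlen(unpwd->username), unpwd);
}
```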
@@ -626,34 +634,39 @@ static int _unpwd_file_parse(struct mosq
token = strtok(NULL, "$");
if(token){
rc = _base64_decode(token, &salt, &salt_len);
- if(rc){
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password salt for user %s.", u->username);
- return MOSQ_ERR_INVAL;
- }
- u->salt = salt;
- u->salt_len = salt_len;
- token = strtok(NULL, "$");
- if(token){
- rc = _base64_decode(token, &password, &password_len);
- if(rc){
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password for user %s.", u->username);
- return MOSQ_ERR_INVAL;
+ if(rc == MOSQ_ERR_SUCCESS && salt_len == 12){
+ u->salt = salt;
+ u->salt_len = salt_len;
+ token = strtok(NULL, "$");
+ if(token){
+ rc = _base64_decode(token, &password, &password_len);
+ if(rc == MOSQ_ERR_SUCCESS && password_len == 64){
+ _mosquitto_free(u->password);
+ u->password = (char *)password;
+ u->password_len = password_len;
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
+ }
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
}
- _mosquitto_free(u->password);
- u->password = (char *)password;
- u->password_len = password_len;
}else{
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s.", u->username);
- return MOSQ_ERR_INVAL;
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password salt for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
}
}else{
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s.", u->username);
- return MOSQ_ERR_INVAL;
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
}
}else{
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s.", u->username);
- return MOSQ_ERR_INVAL;
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
}
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Missing password hash for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
}
}
#endif
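Review bot: Each new `HASH_DEL(db->unpwd, u)` site (lines 156, 160, 169, 175, 181, 185) unlinks the entry but frees nothing, so `u`, `u->username` and `u->password` — and at 156/160 also the `u->salt` assigned at line 145 — are leaked unless something outside the hunk still owns them; likewise a buffer that `_base64_decode` returned successfully but with the wrong length (`salt` when `salt_len != 12`, `password` when `password_len != 64`) is never released. The decoded data is presumably heap-allocated, since the patch itself takes ownership with `u->salt = salt` and frees the old `u->password` before replacing it, so each removal branch should free the decoded buffer and the entry; the salt branch below shows the shape and the other branches need the same. The literals 12 and 64 would also read better as named constants for the expected salt and digest lengths, e.g. `enum { PW_SALT_LEN = 12, PW_HASH_LEN = 64 };`. `_unpwd_file_parse` and the loop that yields `u` begin outside the hunk.
```c
rc = _base64_decode(token, &salt, &salt_len);
if(rc == MOSQ_ERR_SUCCESS && salt_len == 12){
    /* … unchanged: password token handling (same release pattern on its HASH_DEL paths) … */
}else{
    _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password salt for user %s, removing entry.", u->username);
    if(rc == MOSQ_ERR_SUCCESS){
        _mosquitto_free(salt); /* decoded, but not the expected length */
    }
    HASH_DEL(db->unpwd, u);
    _mosquitto_free(u->username);
    _mosquitto_free(u->password);
    _mosquitto_free(u);
}
```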