mqtt: handle POST/PUBLISH without a set POSTFIELDSIZEbagder/mqtt-publish-size

Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28735 Added test 1916 and 1917 to verify.
author: Daniel Stenberg <daniel@haxx.se> 2020-12-17 13:34:38 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2020-12-18 08:31:11 +0100
commit: 2b7f709640da15f94c2d10efb1c079e87e2ca0f8 (patch)
tree: c4c010dda094fb07d03aa2fbc3ae627a31d429c5 /lib/mqtt.c
parent: ff4d2c2a056691ab173de7bfaa6d0e325691f136 (diff)
download: curl-bagder/mqtt-publish-size.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/mqtt.c b/lib/mqtt.c
index a56c7d5eb..71a00cfc2 100644
--- a/lib/mqtt.c
+++ b/lib/mqtt.c
@@ -319,7 +319,7 @@ static CURLcode mqtt_publish(struct connectdata *conn)
 {
   CURLcode result;
   char *payload = conn->data->set.postfields;
-  size_t payloadlen = (size_t)conn->data->set.postfieldsize;
+  size_t payloadlen;
   char *topic = NULL;
   size_t topiclen;
   unsigned char *pkt = NULL;
@@ -327,6 +327,14 @@ static CURLcode mqtt_publish(struct connectdata *conn)
   size_t remaininglength;
   size_t encodelen;
   char encodedbytes[4];
+  curl_off_t postfieldsize = conn->data->set.postfieldsize;
+
+  if(!payload)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  if(postfieldsize < 0)
+    payloadlen = strlen(payload);
+  else
+    payloadlen = (size_t)postfieldsize;
 
   result = mqtt_get_topic(conn, &topic, &topiclen);
   if(result)
author	Daniel Stenberg <daniel@haxx.se>	2020-12-17 13:34:38 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2020-12-18 08:31:11 +0100
commit	2b7f709640da15f94c2d10efb1c079e87e2ca0f8 (patch)
tree	c4c010dda094fb07d03aa2fbc3ae627a31d429c5 /lib/mqtt.c
parent	ff4d2c2a056691ab173de7bfaa6d0e325691f136 (diff)
download	curl-bagder/mqtt-publish-size.tar.gz