diff options
author | Harry Sintonen <sintonen@iki.fi> | 2021-06-01 18:22:31 +0300 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-06-02 13:34:17 +0200 |
commit | 8ccf75532bb801346a8ccd8013ad631aac34092b (patch) | |
tree | c771bebce500fe8a6caed36504c328457f8b7bb4 /lib | |
parent | 4f209d883382517206bc5f93603c512c1d9c4e54 (diff) | |
download | curl-8ccf75532bb801346a8ccd8013ad631aac34092b.tar.gz |
mqtt: detect illegal and too large file size
Add test 3017 and 3018 to verify.
Closes #7166
Diffstat (limited to 'lib')
-rw-r--r-- | lib/mqtt.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/mqtt.c b/lib/mqtt.c index d88fa737d..d49a5f1cc 100644 --- a/lib/mqtt.c +++ b/lib/mqtt.c @@ -477,6 +477,12 @@ static CURLcode mqtt_read_publish(struct Curl_easy *data, bool *done) /* -- switched state -- */ remlen = mq->remaining_length; infof(data, "Remaining length: %zd bytes\n", remlen); + if(data->set.max_filesize && + (curl_off_t)remlen > data->set.max_filesize) { + failf(data, "Maximum file size exceeded"); + result = CURLE_FILESIZE_EXCEEDED; + goto end; + } Curl_pgrsSetDownloadSize(data, remlen); data->req.bytecount = 0; data->req.size = remlen; @@ -582,6 +588,10 @@ static CURLcode mqtt_doing(struct Curl_easy *data, bool *done) Curl_debug(data, CURLINFO_HEADER_IN, (char *)&byte, 1); pkt[mq->npacket++] = byte; } while((byte & 0x80) && (mq->npacket < 4)); + if(nread && (byte & 0x80)) + /* MQTT supports up to 127 * 128^0 + 127 * 128^1 + 127 * 128^2 + + 127 * 128^3 bytes. server tried to send more */ + result = CURLE_WEIRD_SERVER_REPLY; if(result) break; mq->remaining_length = mqtt_decode_len(&pkt[0], mq->npacket, NULL); |