mqtt: detect illegal and too large file size

Add test 3017 and 3018 to verify. Closes #7166
author: Harry Sintonen <sintonen@iki.fi> 2021-06-01 18:22:31 +0300
committer: Daniel Stenberg <daniel@haxx.se> 2021-06-02 13:34:17 +0200
commit: 8ccf75532bb801346a8ccd8013ad631aac34092b (patch)
tree: c771bebce500fe8a6caed36504c328457f8b7bb4 /tests/server
parent: 4f209d883382517206bc5f93603c512c1d9c4e54 (diff)
download: curl-8ccf75532bb801346a8ccd8013ad631aac34092b.tar.gz
1 files changed, 19 insertions, 3 deletions
diff --git a/tests/server/mqttd.c b/tests/server/mqttd.c
index 8134336da..18339262e 100644
--- a/tests/server/mqttd.c
+++ b/tests/server/mqttd.c
@@ -106,6 +106,7 @@ struct configurable {
                             this */
   bool publish_before_suback;
   bool short_publish;
+  bool excessive_remaining;
   unsigned char error_connack;
   int testnum;
 };
@@ -130,6 +131,7 @@ static void resetdefaults(void)
   config.version = CONFIG_VERSION;
   config.publish_before_suback = FALSE;
   config.short_publish = FALSE;
+  config.excessive_remaining = FALSE;
   config.error_connack = 0;
   config.testnum = 0;
 }
@@ -171,6 +173,10 @@ static void getconfig(void)
           config.testnum = atoi(value);
           logmsg("testnum = %d", config.testnum);
         }
+        else if(!strcmp(key, "excessive-remaining")) {
+          logmsg("excessive-remaining set");
+          config.excessive_remaining = TRUE;
+        }
       }
     }
     fclose(fp);
@@ -337,7 +343,8 @@ static int disconnect(FILE *dump, curl_socket_t fd)
 */
 
 /* return number of bytes used */
-static int encode_length(size_t packetlen, char *remlength) /* 4 bytes */
+static int encode_length(size_t packetlen,
+                         unsigned char *remlength) /* 4 bytes */
 {
   int bytes = 0;
   unsigned char encode;
@@ -393,10 +400,19 @@ static int publish(FILE *dump,
   ssize_t packetlen;
   ssize_t sendamount;
   ssize_t rc;
-  char rembuffer[4];
+  unsigned char rembuffer[4];
   int encodedlen;
 
-  encodedlen = encode_length(remaininglength, rembuffer);
+  if(config.excessive_remaining) {
+    /* manually set illegal remaining length */
+    rembuffer[0] = 0xff;
+    rembuffer[1] = 0xff;
+    rembuffer[2] = 0xff;
+    rembuffer[3] = 0x80; /* maximum allowed here by spec is 0x7f */
+    encodedlen = 4;
+  }
+  else
+    encodedlen = encode_length(remaininglength, rembuffer);
 
   /* one packet type byte (possibly two more for packetid) */
   packetlen = remaininglength + encodedlen + 1;
author	Harry Sintonen <sintonen@iki.fi>	2021-06-01 18:22:31 +0300
committer	Daniel Stenberg <daniel@haxx.se>	2021-06-02 13:34:17 +0200
commit	8ccf75532bb801346a8ccd8013ad631aac34092b (patch)
tree	c771bebce500fe8a6caed36504c328457f8b7bb4 /tests/server
parent	4f209d883382517206bc5f93603c512c1d9c4e54 (diff)
download	curl-8ccf75532bb801346a8ccd8013ad631aac34092b.tar.gz