The expression (buffer[i] & 0x7f) << (7 * (i - 1)) performs a left
shift on a signed int. When i >= 5, the shift amount reaches 28+ and
0x7f << 28 overflows INT_MAX, which is undefined behavior.
Per MQTT 3.1.1 section 2.2.3, the Remaining Length field uses at most
4 continuation bytes, so limit the decoding loop accordingly. Also
cast to size_t in mqtt_get_total_length() where totlen is already
size_t.
Affects mqtt_get_total_length() and mqtt_get_publish_data().
Found via coverage-guided fuzzing (libFuzzer + UBSan).
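The bounded decode described in the commit message above, as an added example that is not esp-mqtt's own code. `decode_remaining_length()` and `total_length()` are hypothetical names, `uint32_t` is used here for a guaranteed width, and the input bytes in `main()` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MQTT_MAX_LEN_BYTES 4 /* MQTT 3.1.1 section 2.2.3 */

/* Hypothetical helper (not an esp-mqtt function): decode the Remaining Length
 * that follows the fixed header byte in buffer[0]. Returns the number of
 * length bytes consumed (1..4) and stores the value in *out, or returns -1
 * if the field is truncated or its 4th byte still has the continuation bit. */
int decode_remaining_length(const uint8_t *buffer, size_t length, uint32_t *out)
{
    uint32_t value = 0;
    for (size_t i = 1; i <= MQTT_MAX_LEN_BYTES; i++) {
        if (i >= length) {
            return -1; /* input ends before the last length byte */
        }
        /* Unsigned operand, shift of at most 21 bits: always well defined,
         * unlike shifting a signed int by 28 or more. */
        value |= (uint32_t)(buffer[i] & 0x7f) << (7 * (i - 1));
        if ((buffer[i] & 0x80) == 0) {
            *out = value;
            return (int)i;
        }
    }
    return -1; /* over-long encoding: reject instead of reading a 5th byte */
}

/* Total packet size = header byte + length bytes + remaining length. */
int total_length(const uint8_t *buffer, size_t length, size_t *total)
{
    uint32_t remaining;
    int n = decode_remaining_length(buffer, length, &remaining);
    if (n < 0) {
        return -1;
    }
    *total = 1 + (size_t)n + (size_t)remaining;
    return 0;
}

int main(void)
{
    /* Constructed inputs: PUBLISH header byte 0x30 plus length bytes. */
    const uint8_t ok[] = {0x30, 0xC1, 0x02};
    const uint8_t overlong[] = {0x30, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F};
    size_t t = 0;
    printf("ok: rc=%d total=%zu\n", total_length(ok, sizeof ok, &t), t);
    printf("overlong: rc=%d\n", total_length(overlong, sizeof overlong, &t));
    return 0;
}
```
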
- Add `ciphersuites_list` to `esp_mqtt_client_config_t` for specifying TLS cipher suites.
- Update SSL transport configuration to use the provided cipher suites.
- Users are responsible for managing the cipher suites list memory.
In the mqtt5 protocol the broker can disconnect the client with
a disconnect packet. This packet contains a reason value that can be
useful for certain applications in which it is important to know
the reason of disconnection.
While the client is connected it is possible that a disconnect packet
is received by the broker to force a disconnection. Before this
patch this approach causes a generic error on transport in case of
disconnection from the broker. If the packet is managed before getting
an error it is possible to save the reason code in the
disconnect_return_code variable in the error_handle, and dispatch
the disconnect event that can be managed by the application event
loop, that now can know the reason of disconnection from the broker.
Reset the variable in case of error.
Signed-off-by: Flavia Caforio <flavia.caforio@amarulasolutions.com>
We need to cover for the case where the available MAC isn't defined in
soc caps. E.g. A new target is being introduced but the support isn't
complete yet.
When creating the client_id for user, the library uses the device MAC.
For some of our devices WIFI isn't available and the library needs to select
a different MAC to use.
Once introduced the memory destination for outbox was incorrectly
allocating the outbox data structure instead of data buffer to the
selected memory.
Enable user to set which interface should be used for client network,
allowing client to be bound to the interface selected by user forcing
it to go through the selected interface.
Closes https://github.com/espressif/esp-mqtt/issues/253
The possibility to add a callback as custom handler was removed from
the client in favor of esp_event. This removes the older alternative
that wasn't possible to use.
Today there is no way to add a new transport without applying
modifications to the transport list. This imposes limitations on the
client usage. Adding the custom configuration we enable user defined
transports.
The information was used only to log remaining messages on debug log.
It was checked on writing but updated prior to every call making the
verification meaningless.
- Removed a possible dereference on data in case of MQTT5 SUBACK with
MQTT5 disabled.
- Covered a case of NULL data on message with negative size.
- Use correct type on calloc for alpn_protos
- Changed strcasecmp to strncasecmp.
In order to keep sending keep alive messages in the scenario where the client
publishes too often with QoS0 the keepalive is updated when the response
is received.