File mosquitto-1.4.x-cve-2018-12550.patch of Package mosquitto.9664

From: "Roger A. Light" <roger@atchoo.org>
Date: Wed, 30 Jan 2019 15:29:20 +0000
Subject: Fix and tests for security bug #541870.

diff --git a/src/security_default.c b/src/security_default.c
index 743020c..5a886a5 100644
--- a/src/security_default.c
+++ b/src/security_default.c
@@ -231,7 +231,7 @@ int mosquitto_acl_check_default(struct mosquitto_db *db, struct mosquitto *conte
 	char *s;
 
 	if(!db || !context || !topic) return MOSQ_ERR_INVAL;
-	if(!db->acl_list && !db->acl_patterns) return MOSQ_ERR_SUCCESS;
+	if(!db->config->acl_file && !db->acl_list && !db->acl_patterns) return MOSQ_ERR_SUCCESS;
 	if(context->bridge) return MOSQ_ERR_SUCCESS;
 	if(!context->acl_list && !db->acl_patterns) return MOSQ_ERR_ACL_DENIED;
 
@@ -422,6 +422,10 @@ static int aclfile__parse(struct mosquitto_db *db, struct mosquitto__security_op
 					fclose(aclfile);
 					return 1;
 				}
+			}else{
+				_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid line in acl_file \"%s\": %s.", db->config->acl_file, buf);
+				fclose(aclfile);
+				return 1;
 			}
 		}
 	}

Places

File mosquitto-1.4.x-cve-2018-12550.patch of Package mosquitto.9664

Places