From a69ef81aeb72febeb7e39cc4471ed829d51e2fa9 Mon Sep 17 00:00:00 2001
From: Florian Ludwig <f.ludwig@greyrook.com>
Date: Wed, 7 Jul 2021 18:57:31 +0200
Subject: [PATCH] Do not disregard KeyError exceptions inside plugins

---
 amqtt/plugins/manager.py | 8 ++++----
 docs/changelog.rst       | 3 ++-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/amqtt/plugins/manager.py b/amqtt/plugins/manager.py
index 043fc47c..bc82c91f 100644
--- a/amqtt/plugins/manager.py
+++ b/amqtt/plugins/manager.py
@@ -194,13 +194,13 @@ async def map(self, coro, *args, **kwargs):
 
     @staticmethod
     async def _call_coro(plugin, coro_name, *args, **kwargs):
-        try:
-            coro = getattr(plugin.object, coro_name, None)(*args, **kwargs)
-            return await coro
-        except TypeError:
+        if not hasattr(plugin.object, coro_name):
             # Plugin doesn't implement coro_name
             return None
 
+        coro = getattr(plugin.object, coro_name)(*args, **kwargs)
+        return await coro
+
     async def map_plugin_coro(self, coro_name, *args, **kwargs):
         """
         Call a plugin declared by plugin by its name
diff --git a/docs/changelog.rst b/docs/changelog.rst
index cd9b0fd2..092a2225 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -1,7 +1,7 @@
 Changelog
 ---------
 
-0.10.0 - [unreleased]
+0.10.0 - [2021-07-07]
 ---------------------
 
  * first release under new package name: amqtt
@@ -13,6 +13,7 @@ Changelog
  * Move scripts module into hbmqtt module, from https://github.com/beerfactory/hbmqtt/pull/167
  * Download mosquitto certificate on the fly
  * importing `hbmqtt` is deprecated, use `amqtt`
+ * Security fix: If an attacker could produce a KeyError inside an authentication plugin, the authentication was accepted instead of rejected
 
 0.9.5
 .....