fix malformed packet
mcollina committed Apr 17, 2019
1 parent c65b991 commit 2fdbf0f
Showing 2 changed files with 12 additions and 0 deletions.
1 change: 1 addition & 0 deletions parser.js
Expand Up @@ -302,6 +302,7 @@ Parser.prototype._parseSubscribe = function () {
// Parse topic
topic = this._parseString()
if (topic === null) return this._emitError(new Error('Cannot parse topic'))
if (this._pos >= packet.length) return this._emitError(new Error('Malformed Subscribe Payload'))

options = this._parseByte()
qos = options & constants.SUBSCRIBE_OPTIONS_QOS_MASK
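Review bot: The added bounds check before `options = this._parseByte()` protects only this one read in `_parseSubscribe`; if `_parseByte` itself (not visible on this page) reads without checking `this._pos`, any other call site that reads a fixed-width field after a length-prefixed string could still throw on a truncated packet from an untrusted peer. Consider moving the check into the byte reader so every caller inherits it, or at least auditing the other `_parse*` functions for the same pattern. A short why-comment on the new line would also help the next reader, e.g. `// topic consumed the rest of the packet: no options byte left to read`. The body of `_parseSubscribe` starts and ends outside the hunk.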
11 changes: 11 additions & 0 deletions test.js
Expand Up @@ -1839,6 +1839,17 @@ testParseError('Not supported auth packet for this version MQTT', Buffer.from([
38, 0, 4, 116, 101, 115, 116, 0, 4, 116, 101, 115, 116 // userProperties
]))

// When a Subscribe packet contains a topic_filter and the given
// length is topic_filter.length + 1 then the last byte (requested QoS) is interpreted as topic_filter
// reading the requested_qos at the end causes 'Index out of range' read
testParseError('Malformed Subscribe Payload', Buffer.from([
130, 14, // subscribe header and remaining length
0, 123, // packet ID
0, 10, // topic filter length
104, 105, 106, 107, 108, 47, 109, 110, 111, // topic filter with length of 9 bytes
0 // requested QoS
]))

test('stops parsing after first error', function (t) {
t.plan(4)

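Review bot: The new fixture covers only a single-entry SUBSCRIBE whose declared topic length swallows the QoS byte. If `_parseSubscribe` handles several subscriptions per packet (the loop is not visible on this page), a packet with one well-formed entry followed by a truncated second entry deserves its own `testParseError('Malformed Subscribe Payload', …)` case, so the guard is exercised past the first iteration. The fixture comments would read more clearly if the length line stated the mismatch directly, e.g. `0, 10, // declared topic filter length (only 9 topic bytes follow)`.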
