
Access freed memory in connect on username

Open gajanak opened this issue 2 years ago • 1 comments

Hello,

I noticed the following behavior on connect with different connection options.

  1. Connect with username/password
  2. Connect without username/password

On the second connect, the first username/password is used again.

Using the current "master" branch.


IMHO:

On connect, the username/password is copied from the options into MQTTClient.username/password. If I call connect a second time without a username (null) in the options, the memory of MQTTClient.username is freed, but the pointer is not set to zero ;). Now the freed pointer, still directing to the previous username, is used for connect. It's lucky if the memory is still valid.

https://github.com/eclipse/paho.mqtt.c/blob/master/src/MQTTClient.c#L1614

	if (m->c->username)
		free((void*)m->c->username);
	if (options->username)
		m->c->username = MQTTStrdup(options->username);

It seems m->c->username should be zeroed after free, or set to zero in the else-branch of the options->username check?

Perhaps I missed something.....

gajanak avatar May 17 '22 18:05 gajanak

Yes, setting the pointer to NULL after being freed should be done.

icraggs avatar May 20 '22 12:05 icraggs
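
The pattern agreed on in this thread, as an added example that is not code from paho.mqtt.c: the stored credential is freed, the slot is cleared, and a new copy is made only when the caller supplied one. `struct client_state`, `replace_credential` and `apply_connect_options` are hypothetical names, and the credential strings are constructed sample values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the client state that holds copied credentials. */
struct client_state {
    const char *username;
    const char *password;
};

/* Replace a stored credential: free the old copy, clear the slot, then
 * duplicate the new value only if one was supplied. Returns 0 on success,
 * -1 if allocation fails (the slot is left NULL, never dangling). */
static int replace_credential(const char **slot, const char *value)
{
    free((void *)*slot);   /* free(NULL) is a no-op */
    *slot = NULL;          /* the step missing from the snippet in the issue */
    if (value != NULL) {
        size_t len = strlen(value) + 1;
        char *copy = malloc(len);
        if (copy == NULL)
            return -1;
        memcpy(copy, value, len);
        *slot = copy;
    }
    return 0;
}

/* Hypothetical connect helper: applies the options of this connect call. */
static int apply_connect_options(struct client_state *c,
                                 const char *username, const char *password)
{
    if (replace_credential(&c->username, username) != 0)
        return -1;
    return replace_credential(&c->password, password);
}

int main(void)
{
    struct client_state c = { NULL, NULL };
    apply_connect_options(&c, "alice", "s3cret");   /* constructed sample values */
    apply_connect_options(&c, NULL, NULL);          /* second connect, no credentials */
    printf("username after second connect: %s\n", c.username ? c.username : "(none)");
    apply_connect_options(&c, NULL, NULL);          /* repeated call: no double free */
    return 0;
}
```

Clearing the slot also matters for a third connect without credentials: with a stale pointer left in place, the `free` at the top would run on already-freed memory.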