[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #61480] MQTT: RCE caused by buffer overflow
From: |
Wouter van Gulik |
Subject: |
[lwip-devel] [bug #61480] MQTT: RCE caused by buffer overflow |
Date: |
Thu, 30 Dec 2021 17:31:45 -0500 (EST) |
User-agent: |
Mozilla/5.0 (Android 10; Mobile; rv:95.0) Gecko/95.0 Firefox/95.0 |
Follow-up Comment #4, bug #61480 (project lwip):
I have written some fixes, but I keep battling corner cases.
I do not get why a large initial packet should still be limited to the client
rxbuf?
Is not better to first try maximum from current pbuf? Let's say you receive
200 bytes, then it will be split and processed in 127 and then the
remainder?.
And does reassembly within the first 127 bytes really help? It will only help
on pbuf borders. Does that really occur?
I imagine it a mqtt message is usually within a single pbuf.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/bugs/?61480>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/