diff --git a/pahoMqtt/MQTTSubscribeServer.c b/pahoMqtt/MQTTSubscribeServer.c index 5579645..dbf4ef4 100644 --- a/pahoMqtt/MQTTSubscribeServer.c +++ b/pahoMqtt/MQTTSubscribeServer.c @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2014 IBM Corp. + * Copyright (c) 2014, 2023 IBM Corp., Ian Craggs * * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 @@ -38,7 +38,7 @@ int MQTTDeserialize_subscribe(unsigned char* dup, unsigned short* packetid, int MQTTHeader header = {0}; unsigned char* curdata = buf; unsigned char* enddata = NULL; - int rc = -1; + int rc = MQTTPACKET_READ_ERROR; int mylen = 0; FUNC_ENTRY; @@ -47,7 +47,11 @@ int MQTTDeserialize_subscribe(unsigned char* dup, unsigned short* packetid, int goto exit; *dup = header.bits.dup; - curdata += (rc = MQTTPacket_decodeBuf(curdata, &mylen)); /* read remaining length */ + rc = MQTTPacket_decodeBuf(curdata, &mylen); /* read remaining length */ + if (rc <= 0) + goto exit; + curdata += rc; + rc = MQTTPACKET_READ_ERROR; enddata = curdata + mylen; *packetid = readInt(&curdata); @@ -55,6 +59,8 @@ int MQTTDeserialize_subscribe(unsigned char* dup, unsigned short* packetid, int *count = 0; while (curdata < enddata) { + if (*count == maxcount) + goto exit; if (!readMQTTLenString(&topicFilters[*count], &curdata, enddata)) goto exit; if (curdata >= enddata) /* do we have enough data to read the req_qos version byte? */ @@ -109,4 +115,3 @@ int MQTTSerialize_suback(unsigned char* buf, int buflen, unsigned short packetid return rc; } -