diff --git a/src/emqx.appup.src b/src/emqx.appup.src index 1cfd7c8ce..ef0feef95 100644 --- a/src/emqx.appup.src +++ b/src/emqx.appup.src @@ -4,20 +4,23 @@ Instructions = [ {"4.3.8", [ {load_module,emqx_pqueue,brutal_purge,soft_purge,[]}, - {load_module,emqx_mqueue,brutal_purge,soft_purge,[]} + {load_module,emqx_mqueue,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.7", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, {load_module,emqx_misc,brutal_purge,soft_purge,[]}, {load_module,emqx_pqueue,brutal_purge,soft_purge,[]}, - {load_module,emqx_mqueue,brutal_purge,soft_purge,[]} + {load_module,emqx_mqueue,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.6", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, {load_module,emqx_misc,brutal_purge,soft_purge,[]}, {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, {load_module,emqx_pqueue,brutal_purge,soft_purge,[]}, - {load_module,emqx_mqueue,brutal_purge,soft_purge,[]} + {load_module,emqx_mqueue,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.5", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, @@ -26,7 +29,8 @@ Instructions = {load_module,emqx_access_rule,brutal_purge,soft_purge,[]}, {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, {load_module,emqx_pqueue,brutal_purge,soft_purge,[]}, - {load_module,emqx_mqueue,brutal_purge,soft_purge,[]} + {load_module,emqx_mqueue,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.4", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, @@ -36,7 +40,8 @@ Instructions = {load_module,emqx_access_rule,brutal_purge,soft_purge,[]}, {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, {load_module,emqx_pqueue,brutal_purge,soft_purge,[]}, - {load_module,emqx_mqueue,brutal_purge,soft_purge,[]} + {load_module,emqx_mqueue,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.3", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, @@ -48,7 +53,8 @@ Instructions = {load_module,emqx_access_rule,brutal_purge,soft_purge,[]}, {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, {load_module,emqx_pqueue,brutal_purge,soft_purge,[]}, - {load_module,emqx_mqueue,brutal_purge,soft_purge,[]} + {load_module,emqx_mqueue,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.2", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, @@ -63,7 +69,8 @@ Instructions = {load_module,emqx_access_rule,brutal_purge,soft_purge,[]}, {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, {load_module,emqx_pqueue,brutal_purge,soft_purge,[]}, - {load_module,emqx_mqueue,brutal_purge,soft_purge,[]} + {load_module,emqx_mqueue,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.1", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, @@ -111,19 +118,22 @@ Instructions = [ {"4.3.7", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, - {load_module,emqx_misc,brutal_purge,soft_purge,[]} + {load_module,emqx_misc,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.6", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, {load_module,emqx_misc,brutal_purge,soft_purge,[]}, - {load_module,emqx_ctl,brutal_purge,soft_purge,[]} + {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.5", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, {load_module,emqx_misc,brutal_purge,soft_purge,[]}, {load_module,emqx_cm,brutal_purge,soft_purge,[]}, {load_module,emqx_access_rule,brutal_purge,soft_purge,[]}, - {load_module,emqx_ctl,brutal_purge,soft_purge,[]} + {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.4", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, @@ -131,7 +141,8 @@ Instructions = {load_module,emqx_cm,brutal_purge,soft_purge,[]}, {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]}, {load_module,emqx_access_rule,brutal_purge,soft_purge,[]}, - {load_module,emqx_ctl,brutal_purge,soft_purge,[]} + {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.3", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, @@ -141,7 +152,8 @@ Instructions = {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]}, {load_module,emqx_cm,brutal_purge,soft_purge,[]}, {load_module,emqx_access_rule,brutal_purge,soft_purge,[]}, - {load_module,emqx_ctl,brutal_purge,soft_purge,[]} + {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.2", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, @@ -154,7 +166,8 @@ Instructions = {load_module,emqx_connection,brutal_purge,soft_purge,[]}, {load_module,emqx_cm,brutal_purge,soft_purge,[]}, {load_module,emqx_access_rule,brutal_purge,soft_purge,[]}, - {load_module,emqx_ctl,brutal_purge,soft_purge,[]} + {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, + {load_module,emqx_frame,brutal_purge,soft_purge,[]} ]}, {"4.3.1", [ {load_module,emqx_alarm_handler,brutal_purge,soft_purge,[]}, diff --git a/src/emqx_frame.erl b/src/emqx_frame.erl index 37063c65f..79ac9da35 100644 --- a/src/emqx_frame.erl +++ b/src/emqx_frame.erl @@ -69,6 +69,8 @@ version => ?MQTT_PROTO_V4 }). +-define(MULTIPLIER_MAX, 16#200000). + -dialyzer({no_match, [serialize_utf8_string/2]}). %%-------------------------------------------------------------------- @@ -146,7 +148,7 @@ parse_remaining_len(<<0:8, Rest/binary>>, Header, 1, 0, Options) -> parse_remaining_len(<<0:1, 2:7, Rest/binary>>, Header, 1, 0, Options) -> parse_frame(Rest, Header, 2, Options); parse_remaining_len(<<1:1, _Len:7, _Rest/binary>>, _Header, Multiplier, _Value, _Options) - when Multiplier > 2097152 -> + when Multiplier > ?MULTIPLIER_MAX -> error(malformed_variable_byte_integer); parse_remaining_len(<<1:1, Len:7, Rest/binary>>, Header, Multiplier, Value, Options) -> parse_remaining_len(Rest, Header, Multiplier * ?HIGHBIT, Value + Len * Multiplier, Options); @@ -432,6 +434,9 @@ parse_property(<<16#2A, Val, Bin/binary>>, Props) -> parse_variable_byte_integer(Bin) -> parse_variable_byte_integer(Bin, 1, 0). +parse_variable_byte_integer(<<1:1, _Len:7, _Rest/binary>>, Multiplier, _Value) + when Multiplier > ?MULTIPLIER_MAX -> + error(malformed_variable_byte_integer); parse_variable_byte_integer(<<1:1, Len:7, Rest/binary>>, Multiplier, Value) -> parse_variable_byte_integer(Rest, Multiplier * ?HIGHBIT, Value + Len * Multiplier); parse_variable_byte_integer(<<0:1, Len:7, Rest/binary>>, Multiplier, Value) -> diff --git a/test/emqx_frame_SUITE.erl b/test/emqx_frame_SUITE.erl index 09206cee1..591c75bdc 100644 --- a/test/emqx_frame_SUITE.erl +++ b/test/emqx_frame_SUITE.erl @@ -137,6 +137,11 @@ t_parse_frame_malformed_variable_byte_integer(_) -> ?catch_error(malformed_variable_byte_integer, emqx_frame:parse(MalformedPayload, ParseState)). +t_parse_frame_variable_byte_integer(_) -> + Bin = <<2#10010011, 2#10000000, 2#10001000, 2#10011001, 2#10101101, 2#00110010>>, + ?catch_error(malformed_variable_byte_integer, + emqx_frame:parse_variable_byte_integer(Bin)). + t_serialize_parse_v3_connect(_) -> Bin = <<16,37,0,6,77,81,73,115,100,112,3,2,0,60,0,23,109,111,115, 113,112,117, 98,47,49,48,52,53,49,45,105,77,97,99,46,108,