From 686f79c0360355c353c4d554b05e666a8f9344d7 Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 2 Jul 2024 15:25:05 +0800 Subject: [PATCH 1/2] fix: fix two minor issues of bulti-in authn/authz 1. the `Derived Key Length` for `pbkdf2` should be a positive integer. 2. fix topics in the authorization rules might be parsed incorrectly --- apps/emqx_auth/src/emqx_authn/emqx_authn_password_hashing.erl | 2 +- apps/emqx_auth/src/emqx_authz/emqx_authz_rule_raw.erl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/emqx_auth/src/emqx_authn/emqx_authn_password_hashing.erl b/apps/emqx_auth/src/emqx_authn/emqx_authn_password_hashing.erl index 46b44512f..4d74ff48c 100644 --- a/apps/emqx_auth/src/emqx_authn/emqx_authn_password_hashing.erl +++ b/apps/emqx_auth/src/emqx_authn/emqx_authn_password_hashing.erl @@ -142,7 +142,7 @@ salt_position(desc) -> "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 alg salt_position(_) -> undefined. dk_length(type) -> - integer(); + pos_integer(); dk_length(required) -> false; dk_length(desc) -> diff --git a/apps/emqx_auth/src/emqx_authz/emqx_authz_rule_raw.erl b/apps/emqx_auth/src/emqx_authz/emqx_authz_rule_raw.erl index 0c56be2d1..0f66b3ade 100644 --- a/apps/emqx_auth/src/emqx_authz/emqx_authz_rule_raw.erl +++ b/apps/emqx_auth/src/emqx_authz/emqx_authz_rule_raw.erl @@ -98,7 +98,7 @@ validate_rule_topics(RuleRaw) -> throw({missing_topic_or_topics, RuleRaw}). validate_rule_topic(<<"eq ", TopicRaw/binary>>) -> - {eq, validate_rule_topic(TopicRaw)}; + {eq, TopicRaw}; validate_rule_topic(TopicRaw) when is_binary(TopicRaw) -> TopicRaw. validate_rule_permission(<<"allow">>) -> allow; From 3779ddcd656f0774f9f3fb1446c77c3198c1fa26 Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 2 Jul 2024 15:54:44 +0800 Subject: [PATCH 2/2] chore: update changes --- changes/ce/fix-13389.en.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changes/ce/fix-13389.en.md diff --git a/changes/ce/fix-13389.en.md b/changes/ce/fix-13389.en.md new file mode 100644 index 000000000..cca63e09f --- /dev/null +++ b/changes/ce/fix-13389.en.md @@ -0,0 +1,3 @@ +Fixed that the `Derived Key Length` for `pbkdf2` could be set to a negative integer. + +Fixed topics in the authorization rules might be parsed incorrectly.