Great, thanks!

Yes, it is the same in Raring but my plan was to fix it by getting a
more up to date version included. I've made some changes to the
packaging that reduce the differences between Debian and Ubuntu and was
leaving it a while before attempting to push it to experimental/directly
to Raring in case any problems popped up.

https://bugs.launchpad.net/bugs/972389

Title:
  Mosquitto crashes using bad version of protocol

Status in mosquitto: an mqtt message broker:
  Fix Released
Status in “mosquitto” package in Ubuntu:
  Fix Released
Status in “mosquitto” source package in Precise:
  In Progress
Status in “mosquitto” source package in Quantal:
  In Progress

Bug description:
  [Impact]
  Remote clients can cause the broker to crash, meaning a DoS for other
  clients. The bug is caused by a double free() so no chance of buffer
  overrun or other security issue.

  [Fix]
  Remove the incorrect memory free call.

  [Test Case]

  [Regression Potential]
  This case is now tested for as part of the continuous integration testing
  of upstream.

  [Original Report]
  Hi!

  I'm developing my own MQTT library and I'm testing with Mosquitto
  Broker. If I use 0x02 instead of 0x03 as version of protocol,
  Mosquitto crashes:

  1333455622: New connection from 192.168.10.114.
  1333455622: Invalid protocol version 2 in CONNECT from 192.168.10.114.
  1333455622: Socket read error on client (null), disconnecting.
  *** glibc detected *** /usr/local/sbin/mosquitto: malloc(): smallbin double linked list corrupted: 0x018a83f8 ***

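
The failure mode in the report, as an added example (not mosquitto's code and not part of the bug thread): an MQTT 3.1 CONNECT header check that rejects a version byte other than 0x03 and releases per-connection memory through one idempotent cleanup routine, so the disconnect path that runs afterwards cannot free it a second time. struct conn, conn_cleanup, parse_connect and the error codes are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-connection state; not mosquitto's real struct. */
struct conn { char *proto_name; int free_count; };
enum { CONNECT_OK = 0, ERR_MALFORMED = -1, ERR_BAD_VERSION = -2 };

/* Single cleanup path: free once, then NULL the pointer so a second
 * call (for example from the disconnect handler) is a harmless no-op. */
static void conn_cleanup(struct conn *c)
{
    if (c->proto_name) {
        free(c->proto_name);
        c->proto_name = NULL;
        c->free_count++;          /* counts real free() calls, for the demo */
    }
}

/* Parse the CONNECT variable header: 2-byte length, protocol name, version. */
static int parse_connect(struct conn *c, const uint8_t *buf, size_t len)
{
    if (len < 2) return ERR_MALFORMED;
    size_t nlen = ((size_t)buf[0] << 8) | buf[1];
    if (nlen == 0 || len < 2 + nlen + 1) return ERR_MALFORMED;
    c->proto_name = malloc(nlen + 1);
    if (!c->proto_name) return ERR_MALFORMED;
    memcpy(c->proto_name, buf + 2, nlen);
    c->proto_name[nlen] = '\0';
    int rc = CONNECT_OK;
    if (nlen != 6 || memcmp(c->proto_name, "MQIsdp", 6) != 0) rc = ERR_MALFORMED;
    else if (buf[2 + nlen] != 0x03) rc = ERR_BAD_VERSION;
    if (rc != CONNECT_OK) conn_cleanup(c);   /* error path never calls free() itself */
    return rc;
}

/* Constructed input: version byte 0x02 as in the report, then disconnect. */
static int demo_bad_version(void)
{
    const uint8_t pkt[] = {0x00, 0x06, 'M', 'Q', 'I', 's', 'd', 'p', 0x02};
    struct conn c = {0};
    int rc = parse_connect(&c, pkt, sizeof pkt);
    conn_cleanup(&c);             /* disconnect handler runs after the error */
    return rc == ERR_BAD_VERSION && c.free_count == 1 && c.proto_name == NULL;
}

int main(void) { return demo_bad_version() ? 0 : 1; }
```

Running a test like demo_bad_version under a memory checker (for example a build with -fsanitize=address) in continuous integration catches a regression where an error path frees directly.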