wolfSSL / wolfMQTT

wolfMQTT is a small, fast, portable MQTT client implementation, including support for TLS 1.3.
https://www.wolfssl.com
GNU General Public License v2.0

Fix string prop OOB read #394

Closed embhorn closed 4 months ago

embhorn commented 5 months ago

Check status and full size of MqttDecode_String against buf length.

Also check all lengths before calling MqttDecode_Vbi.

Fixes zd17257

OSS-Fuzz #46212: wolfMQTT: Out-of-bounds read on i386
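
The kind of check the description above refers to, shown as an added example that is not wolfMQTT's code: a decoder for a length-prefixed string property that validates every declared length against the remaining buffer before reading. The function names, error codes and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define DEC_ERR_BOUNDS    (-1)  /* hypothetical: field runs past the buffer */
#define DEC_ERR_MALFORMED (-2)  /* hypothetical: VBI longer than 4 bytes */

/* Variable Byte Integer: 7 data bits per byte, bit 7 means "more", 4 bytes max.
 * Returns bytes consumed or a negative error; never reads past buf_len. */
int decode_vbi(const uint8_t *buf, size_t buf_len, uint32_t *value)
{
    uint32_t v = 0;
    for (size_t i = 0; i < 4; i++) {
        if (i >= buf_len) return DEC_ERR_BOUNDS;   /* check before each read */
        v |= (uint32_t)(buf[i] & 0x7F) << (7 * i);
        if (!(buf[i] & 0x80)) { *value = v; return (int)i + 1; }
    }
    return DEC_ERR_MALFORMED;
}

/* String: 2-byte big-endian length, then that many bytes. The full size
 * (2 + len) is checked against buf_len before a pointer is handed out. */
int decode_string(const uint8_t *buf, size_t buf_len,
                  const uint8_t **str, uint16_t *str_len)
{
    if (buf_len < 2) return DEC_ERR_BOUNDS;
    size_t len = ((size_t)buf[0] << 8) | buf[1];
    if (len > buf_len - 2) return DEC_ERR_BOUNDS;  /* declared length too big */
    *str = buf + 2;
    *str_len = (uint16_t)len;
    return 2 + (int)len;
}

/* One string property: [VBI identifier][string]. Each step's status is checked
 * and only the remaining length is passed to the next decoder. */
int decode_string_prop(const uint8_t *buf, size_t buf_len, uint32_t *id,
                       const uint8_t **str, uint16_t *str_len)
{
    int n = decode_vbi(buf, buf_len, id);
    if (n < 0) return n;
    int m = decode_string(buf + n, buf_len - (size_t)n, str, str_len);
    return (m < 0) ? m : n + m;
}

/* Constructed samples: identifier 0x03 followed by a string field. */
const uint8_t sample_ok[]  = { 0x03, 0x00, 0x03, 'a', 'b', 'c' };
const uint8_t sample_bad[] = { 0x03, 0x00, 0x40, 'a', 'b', 'c' }; /* claims 64 */
```

`sample_bad` declares a 64-byte string with only 3 bytes present, so the decoder returns `DEC_ERR_BOUNDS` instead of exposing a pointer and length that reach past the buffer.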

embhorn commented 4 months ago

Fix has been confirmed by Guido