mqtt: reject overly big messages

author Daniel Stenberg <daniel@haxx.se>

Sun, 9 Nov 2025 10:12:06 +0000 (11:12 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Sun, 9 Nov 2025 10:40:28 +0000 (11:40 +0100)
author Daniel Stenberg <daniel@haxx.se>
Sun, 9 Nov 2025 10:12:06 +0000 (11:12 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Sun, 9 Nov 2025 10:40:28 +0000 (11:40 +0100)
diff --git a/lib/mqtt.c b/lib/mqtt.c

index 0bf956c05bd414b668c029ba424d7495c4653d5e..bac319e63a4c4ab65db07f85ce18d5ee16979085 100644 (file)
--- a/lib/mqtt.c
+++ b/lib/mqtt.c
@@ -582,6 +582,8 @@ fail:
    return result;
  }
  
+#define MAX_MQTT_MESSAGE_SIZE 0xFFFFFFF
+
  static CURLcode mqtt_publish(struct Curl_easy *data)
  {
    CURLcode result;
@@ -611,6 +613,8 @@ static CURLcode mqtt_publish(struct Curl_easy *data)
  
    remaininglength = payloadlen + 2 + topiclen;
    encodelen = mqtt_encode_len(encodedbytes, remaininglength);
+  if(MAX_MQTT_MESSAGE_SIZE - remaininglength - 1 < encodelen)
+    return CURLE_TOO_LARGE;
  
    /* add the control byte and the encoded remaining length */
    pkt = malloc(remaininglength + 1 + encodelen);
author	Daniel Stenberg <daniel@haxx.se>
	Sun, 9 Nov 2025 10:12:06 +0000 (11:12 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Sun, 9 Nov 2025 10:40:28 +0000 (11:40 +0100)