From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 15 Dec 2020 07:51:33 +0000 (+0100)
Subject: mqtt: deal with 0 byte reads correctly
X-Git-Tag: curl-7_75_0~239
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a259eee99f2a3d181f4d3254482707f4a0ec4747;p=thirdparty%2Fcurl.git

mqtt: deal with 0 byte reads correctly

OSS-Fuzz found it
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28676

Closes #6327
---

diff --git a/lib/mqtt.c b/lib/mqtt.c
index e324ec3dd7..a56c7d5eb2 100644
--- a/lib/mqtt.c
+++ b/lib/mqtt.c
@@ -553,7 +553,7 @@ static CURLcode mqtt_doing(struct connectdata *conn, bool *done)
   case MQTT_FIRST:
     /* Read the initial byte only */
     result = Curl_read(conn, sockfd, (char *)&mq->firstbyte, 1, &nread);
-    if(result)
+    if(!nread)
       break;
     Curl_debug(data, CURLINFO_HEADER_IN, (char *)&mq->firstbyte, 1);
     /* remember the first byte */
@@ -563,7 +563,7 @@ static CURLcode mqtt_doing(struct connectdata *conn, bool *done)
   case MQTT_REMAINING_LENGTH:
     do {
       result = Curl_read(conn, sockfd, (char *)&byte, 1, &nread);
-      if(result)
+      if(!nread)
         break;
       Curl_debug(data, CURLINFO_HEADER_IN, (char *)&byte, 1);
       pkt[mq->npacket++] = byte;