mqtt: reject overly big messages

Reported-by: Jiyong Yang Closes #19415
2026-04-14 13:01:42 +08:00 · 2025-11-09 11:12:06 +01:00 · 2025-11-09 11:12:06 +01:00 · 92fd791f31
commit 92fd791f31
parent a002c50510
1 changed files with 4 additions and 0 deletions
--- a/lib/mqtt.c
+++ b/lib/mqtt.c
@ -582,6 +582,8 @@ fail:
  return result;
 }

+#define MAX_MQTT_MESSAGE_SIZE 0xFFFFFFF
+
 static CURLcode mqtt_publish(struct Curl_easy *data)
 {
  CURLcode result;
@ -611,6 +613,8 @@ static CURLcode mqtt_publish(struct Curl_easy *data)

  remaininglength = payloadlen + 2 + topiclen;
  encodelen = mqtt_encode_len(encodedbytes, remaininglength);
+  if(MAX_MQTT_MESSAGE_SIZE - remaininglength - 1 < encodelen)
+    return CURLE_TOO_LARGE;

  /* add the control byte and the encoded remaining length */
  pkt = malloc(remaininglength + 1 + encodelen);