Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MQTT ring buffer should be protected in subscribe callbacks #43

Closed
PhilDay-CT opened this issue Oct 16, 2024 · 3 comments
Closed

MQTT ring buffer should be protected in subscribe callbacks #43

PhilDay-CT opened this issue Oct 16, 2024 · 3 comments
Assignees
@hlef

Comments

@PhilDay-CT
Copy link
Contributor

PhilDay-CT commented Oct 16, 2024
edited
Loading

The MQTT subscribe callback gets passed a reference to part of the receive buffer used by coreMQTT for incoming messages. We should pass this as a read-only, non-capturable capabilty, since outside of the context of the callback it's content is not valid.
@hlef
Copy link
Collaborator

hlef commented Oct 18, 2024

Oops, sounds right, looks like I missed this. I added it to my TODO list, but go ahead if you want to do the fix!

@hlef hlef self-assigned this Oct 18, 2024
hlef added a commit that referenced this issue Oct 22, 2024
@hlef
mqtt: de-permission publish callback capabilities.
d216e33 
The `topic` and `payload` capabilities of the publish callback are only
valid within the context of the callback. They should thus passed as a
read-only, non-capturable capabilities.

Currently we pass them as capturable and writable capabilities, which
may allow API users to compromise the MQTT compartment.

This addresses issue #43.

Signed-off-by: Hugo Lefeuvre <[email protected]>
@hlef
Copy link
Collaborator

hlef commented Oct 22, 2024

Note: I fixed this in my hlefeuvre/bug-fixes branch, which I will PR once the server API has been merged.

@hlef hlef mentioned this issue Oct 24, 2024
Merged
hlef added a commit that referenced this issue Oct 24, 2024
@hlef
mqtt: de-permission publish callback capabilities.
e4875c4 
The `topic` and `payload` capabilities of the publish callback are only
valid within the context of the callback. They should thus passed as a
read-only, non-capturable capabilities.

Currently we pass them as capturable and writable capabilities, which
may allow API users to compromise the MQTT compartment.

This addresses issue #43.

Signed-off-by: Hugo Lefeuvre <[email protected]>
hlef added a commit that referenced this issue Oct 24, 2024
@hlef
mqtt: de-permission publish callback capabilities.
05a1ee6 
The `topic` and `payload` capabilities of the publish callback are only
valid within the context of the callback. They should thus passed as a
read-only, non-capturable capabilities.

Currently we pass them as capturable and writable capabilities, which
may allow API users to compromise the MQTT compartment.

This addresses issue #43.

Signed-off-by: Hugo Lefeuvre <[email protected]>
hlef added a commit that referenced this issue Oct 24, 2024
@hlef
mqtt: de-permission publish callback capabilities.
229ec5e 
The `topic` and `payload` capabilities of the publish callback are only
valid within the context of the callback. They should thus passed as a
read-only, non-capturable capabilities.

Currently we pass them as capturable and writable capabilities, which
may allow API users to compromise the MQTT compartment.

This addresses issue #43.

Signed-off-by: Hugo Lefeuvre <[email protected]>
hlef added a commit that referenced this issue Oct 29, 2024
@hlef
mqtt: de-permission publish callback capabilities.
9409c18 
The `topic` and `payload` capabilities of the publish callback are only
valid within the context of the callback. They should thus passed as a
read-only, non-capturable capabilities.

Currently we pass them as capturable and writable capabilities, which
may allow API users to compromise the MQTT compartment.

This addresses issue #43.

Signed-off-by: Hugo Lefeuvre <[email protected]>
@hlef
Copy link
Collaborator

hlef commented Nov 1, 2024

This was fixed as part of #46.

@hlef hlef closed this as completed Nov 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hlef hlef

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hlef @PhilDay-CT