@@ -1509,11 +1509,13 @@ static int BrokerSubs_Add(MqttBroker* broker, BrokerClient* bc,
15091509 rc = MQTT_CODE_ERROR_MEMORY ;
15101510 }
15111511 if (rc == MQTT_CODE_SUCCESS ) {
1512- XMEMSET (sub , 0 , sizeof (* sub ));
1513- sub -> in_use = 1 ;
15141512 if (filter_len >= BROKER_MAX_FILTER_LEN ) {
1515- filter_len = BROKER_MAX_FILTER_LEN - 1 ;
1513+ rc = MQTT_CODE_ERROR_OUT_OF_BUFFER ;
15161514 }
1515+ }
1516+ if (rc == MQTT_CODE_SUCCESS ) {
1517+ XMEMSET (sub , 0 , sizeof (* sub ));
1518+ sub -> in_use = 1 ;
15171519 XMEMCPY (sub -> filter , filter , filter_len );
15181520 sub -> filter [filter_len ] = '\0' ;
15191521 }
@@ -1830,20 +1832,22 @@ static int BrokerRetained_Store(MqttBroker* broker, const char* topic,
18301832 }
18311833 if (rc == MQTT_CODE_SUCCESS ) {
18321834 int tlen = (int )XSTRLEN (topic );
1833- XMEMSET (msg , 0 , sizeof (* msg ));
1834- msg -> in_use = 1 ;
18351835 if (tlen >= BROKER_MAX_TOPIC_LEN ) {
1836- tlen = BROKER_MAX_TOPIC_LEN - 1 ;
1836+ rc = MQTT_CODE_ERROR_OUT_OF_BUFFER ;
18371837 }
1838- XMEMCPY (msg -> topic , topic , (size_t )tlen );
1839- msg -> topic [tlen ] = '\0' ;
1840- if (payload_len > 0 && payload != NULL ) {
1841- if (payload_len > BROKER_MAX_PAYLOAD_LEN ) {
1842- payload_len = BROKER_MAX_PAYLOAD_LEN ;
1838+ else if (payload_len > BROKER_MAX_PAYLOAD_LEN ) {
1839+ rc = MQTT_CODE_ERROR_OUT_OF_BUFFER ;
1840+ }
1841+ if (rc == MQTT_CODE_SUCCESS ) {
1842+ XMEMSET (msg , 0 , sizeof (* msg ));
1843+ msg -> in_use = 1 ;
1844+ XMEMCPY (msg -> topic , topic , (size_t )tlen );
1845+ msg -> topic [tlen ] = '\0' ;
1846+ if (payload_len > 0 && payload != NULL ) {
1847+ XMEMCPY (msg -> payload , payload , payload_len );
18431848 }
1844- XMEMCPY ( msg -> payload , payload , payload_len ) ;
1849+ msg -> payload_len = payload_len ;
18451850 }
1846- msg -> payload_len = payload_len ;
18471851 }
18481852 }
18491853#else
@@ -2054,31 +2058,29 @@ static int BrokerPendingWill_Add(MqttBroker* broker, BrokerClient* bc)
20542058 rc = MQTT_CODE_ERROR_MEMORY ;
20552059 }
20562060 if (rc == MQTT_CODE_SUCCESS ) {
2057- XMEMSET (pw , 0 , sizeof (* pw ));
2058- pw -> in_use = 1 ;
2059- {
2060- int len = (int )XSTRLEN (bc -> client_id );
2061- if (len >= BROKER_MAX_CLIENT_ID_LEN ) {
2062- len = BROKER_MAX_CLIENT_ID_LEN - 1 ;
2063- }
2064- XMEMCPY (pw -> client_id , bc -> client_id , len );
2065- pw -> client_id [len ] = '\0' ;
2061+ int id_len = (int )XSTRLEN (bc -> client_id );
2062+ int t_len = (int )XSTRLEN (bc -> will_topic );
2063+ if (id_len >= BROKER_MAX_CLIENT_ID_LEN ) {
2064+ rc = MQTT_CODE_ERROR_OUT_OF_BUFFER ;
20662065 }
2067- {
2068- int len = (int )XSTRLEN (bc -> will_topic );
2069- if (len >= BROKER_MAX_TOPIC_LEN ) {
2070- len = BROKER_MAX_TOPIC_LEN - 1 ;
2071- }
2072- XMEMCPY (pw -> topic , bc -> will_topic , len );
2073- pw -> topic [len ] = '\0' ;
2066+ else if (t_len >= BROKER_MAX_TOPIC_LEN ) {
2067+ rc = MQTT_CODE_ERROR_OUT_OF_BUFFER ;
20742068 }
2075- if (bc -> will_payload_len > 0 ) {
2076- word16 len = bc -> will_payload_len ;
2077- if (len > BROKER_MAX_WILL_PAYLOAD_LEN ) {
2078- len = BROKER_MAX_WILL_PAYLOAD_LEN ;
2069+ else if (bc -> will_payload_len > BROKER_MAX_WILL_PAYLOAD_LEN ) {
2070+ rc = MQTT_CODE_ERROR_OUT_OF_BUFFER ;
2071+ }
2072+ if (rc == MQTT_CODE_SUCCESS ) {
2073+ XMEMSET (pw , 0 , sizeof (* pw ));
2074+ pw -> in_use = 1 ;
2075+ XMEMCPY (pw -> client_id , bc -> client_id , id_len );
2076+ pw -> client_id [id_len ] = '\0' ;
2077+ XMEMCPY (pw -> topic , bc -> will_topic , t_len );
2078+ pw -> topic [t_len ] = '\0' ;
2079+ if (bc -> will_payload_len > 0 ) {
2080+ XMEMCPY (pw -> payload , bc -> will_payload ,
2081+ bc -> will_payload_len );
2082+ pw -> payload_len = bc -> will_payload_len ;
20792083 }
2080- XMEMCPY (pw -> payload , bc -> will_payload , len );
2081- pw -> payload_len = len ;
20822084 }
20832085 }
20842086 }
0 commit comments