Ubuntu
mosquitto package

Mosquitto 1.3.4 has a memory leak

Bug #1423037 reported by Roger Light
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mosquitto (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

If a client publishes to the broker using a topic with a leading slash, e.g. "/foo" this can lead to a memory leak.

The problem is fixed in v1.3.5 or v1.4, the best thing would be to update to either of those. I have prepared a new branch with support for 1.4.

Related branches

lp:~roger.light/ubuntu/vivid/mosquitto/fix-for-1423037
Daniel Holbach (community): Needs Fixing
Diff: 32988 lines (+9265/-15376)
320 files modified
.pc/applied-patches (+0/-7)
.pc/disable-bad-test.patch/test/lib/Makefile (+0/-48)
.pc/disable-in-tree-uthash.patch/src/uthash.h (+0/-948)
.pc/enable-libwrap.patch/config.mk (+0/-219)
.pc/fix-prefix.patch/config.mk (+0/-219)
.pc/install-apparmor.patch/Makefile (+0/-70)
.pc/nostrip.patch/client/Makefile (+0/-34)
.pc/nostrip.patch/lib/Makefile (+0/-99)
.pc/nostrip.patch/lib/cpp/Makefile (+0/-31)
.pc/nostrip.patch/src/Makefile (+0/-118)
.pc/pynomake.patch/config.mk (+0/-219)
CMakeLists.txt (+24/-5)
CONTRIBUTING.md (+100/-0)
ChangeLog.txt (+117/-4)
LICENSE-3rd-party.txt (+0/-666)
LICENSE.txt (+2/-54)
Makefile (+6/-5)
about.html (+41/-0)
changeset (+0/-1)
client/CMakeLists.txt (+4/-2)
client/Makefile (+11/-8)
client/client_shared.c (+957/-0)
client/client_shared.h (+97/-0)
client/pub_client.c (+66/-457)
client/sub_client.c (+83/-477)
compiling.txt (+3/-1)
config.h (+8/-1)
config.mk (+49/-22)
debian/changelog (+15/-0)
debian/control (+2/-29)
debian/copyright (+245/-20)
debian/libmosquitto1.symbols (+1/-0)
debian/libmosquittopp1.symbols (+11/-7)
debian/mosquitto.postinst (+5/-1)
debian/patches/disable-bad-test.patch (+0/-13)
debian/patches/enable-libwrap.patch (+1/-1)
debian/patches/enable-websockets.patch (+14/-0)
debian/patches/fix-prefix.patch (+2/-2)
debian/patches/install-apparmor.patch (+3/-5)
debian/patches/nostrip.patch (+8/-8)
debian/patches/pynomake.patch (+0/-14)
debian/patches/series (+1/-2)
debian/python-mosquitto.install (+0/-1)
debian/python3-mosquitto.install (+0/-1)
debian/rules (+1/-4)
edl-v10 (+31/-0)
epl-v10 (+221/-0)
examples/temperature_conversion/temperature_conversion.cpp (+4/-0)
installer/mosquitto-cygwin.nsi (+1/-10)
installer/mosquitto.nsi (+1/-10)
lib/CMakeLists.txt (+9/-2)
lib/Makefile (+23/-22)
lib/cpp/CMakeLists.txt (+1/-1)
lib/cpp/Makefile (+3/-3)
lib/cpp/mosquittopp.cpp (+29/-26)
lib/cpp/mosquittopp.h (+16/-33)
lib/jsws/mosquitto.js (+0/-363)
lib/linker.version (+9/-0)
lib/logging_mosq.c (+16/-29)
lib/logging_mosq.h (+14/-27)
lib/memory_mosq.c (+15/-28)
lib/memory_mosq.h (+14/-27)
lib/messages_mosq.c (+25/-41)
lib/messages_mosq.h (+15/-28)
lib/mosquitto.c (+178/-87)
lib/mosquitto.h (+142/-37)
lib/mosquitto_internal.h (+58/-41)
lib/mqtt3_protocol.h (+13/-26)
lib/net_mosq.c (+124/-61)
lib/net_mosq.h (+21/-33)
lib/python/Makefile (+0/-25)
lib/python/mosquitto.py (+0/-2079)
lib/python/setup.py (+0/-28)
lib/python/sub.py (+0/-66)
lib/read_handle.c (+23/-36)
lib/read_handle.h (+18/-27)
lib/read_handle_client.c (+21/-37)
lib/read_handle_shared.c (+29/-68)
lib/send_client_mosq.c (+76/-54)
lib/send_mosq.c (+32/-39)
lib/send_mosq.h (+17/-30)
lib/socks_mosq.c (+403/-0)
lib/socks_mosq.h (+23/-0)
lib/srv_mosq.c (+13/-26)
lib/thread_mosq.c (+23/-28)
lib/time_mosq.c (+13/-26)
lib/time_mosq.h (+13/-26)
lib/tls_mosq.c (+42/-28)
lib/tls_mosq.h (+13/-26)
lib/util_mosq.c (+43/-41)
lib/util_mosq.h (+21/-28)
lib/will_mosq.c (+24/-37)
lib/will_mosq.h (+15/-28)
man/Makefile (+7/-0)
man/html.xsl (+27/-0)
man/libmosquitto.3 (+4/-13)
man/libmosquitto.3.xml (+4/-16)
man/mosquitto-tls.7 (+2/-2)
man/mosquitto-tls.7.xml (+2/-2)
man/mosquitto.8 (+10/-20)
man/mosquitto.8.xml (+46/-58)
man/mosquitto.conf.5 (+139/-30)
man/mosquitto.conf.5.xml (+196/-42)
man/mosquitto_passwd.1 (+15/-10)
man/mosquitto_passwd.1.xml (+27/-14)
man/mosquitto_pub.1 (+51/-12)
man/mosquitto_pub.1.xml (+77/-17)
man/mosquitto_sub.1 (+59/-11)
man/mosquitto_sub.1.xml (+80/-16)
man/mqtt.7 (+2/-2)
man/mqtt.7.xml (+3/-3)
man/po/libmosquitto/libmosquitto.3.pot (+0/-609)
man/po/mosquitto-tls/mosquitto-tls.7.pot (+0/-140)
man/po/mosquitto.conf/mosquitto.conf.5.pot (+0/-1028)
man/po/mosquitto/mosquitto.8.pot (+0/-560)
man/po/mosquitto_pub/mosquitto_pub.1.pot (+0/-540)
man/po/mosquitto_sub/mosquitto_sub.1.pot (+0/-500)
man/po/mqtt/mqtt.7.pot (+0/-224)
mosquitto.conf (+101/-27)
notice.html (+108/-0)
readme-windows.txt (+0/-7)
readme.txt (+3/-9)
security/mosquitto.apparmor (+1/-1)
service/upstart/mosquitto.conf (+1/-1)
src/CMakeLists.txt (+29/-2)
src/Makefile (+35/-32)
src/bridge.c (+91/-84)
src/conf.c (+312/-107)
src/context.c (+84/-73)
src/database.c (+143/-140)
src/db_dump/Makefile (+2/-2)
src/db_dump/db_dump.c (+84/-70)
src/lib_load.h (+13/-26)
src/linker-macosx.syms (+1/-0)
src/linker.syms (+3/-0)
src/logging.c (+75/-36)
src/loop.c (+293/-190)
src/mosquitto.c (+146/-83)
src/mosquitto_broker.h (+112/-62)
src/mosquitto_passwd.c (+53/-41)
src/mosquitto_plugin.h (+55/-26)
src/net.c (+167/-180)
src/persist.c (+107/-116)
src/persist.h (+13/-26)
src/read_handle.c (+25/-38)
src/read_handle_client.c (+23/-39)
src/read_handle_server.c (+260/-227)
src/security.c (+50/-27)
src/security_default.c (+68/-82)
src/send_server.c (+17/-30)
src/service.c (+13/-26)
src/subs.c (+180/-151)
src/sys_tree.c (+41/-51)
src/uthash.h (+948/-0)
src/websockets.c (+596/-0)
test/broker/01-connect-anon-denied.py (+1/-3)
test/broker/01-connect-invalid-id-0-311.py (+2/-3)
test/broker/01-connect-invalid-id-0.py (+2/-3)
test/broker/01-connect-invalid-id-24.py (+0/-39)
test/broker/01-connect-invalid-id-missing.py (+2/-3)
test/broker/01-connect-invalid-protonum.py (+2/-3)
test/broker/01-connect-success.py (+2/-3)
test/broker/01-connect-uname-no-password-denied.py (+1/-3)
test/broker/01-connect-uname-password-denied.py (+1/-3)
test/broker/01-connect-uname-password-success-no-tls.conf (+3/-0)
test/broker/01-connect-uname-password-success-no-tls.pwfile (+1/-0)
test/broker/01-connect-uname-password-success-no-tls.py (+38/-0)
test/broker/01-connect-uname-password-success.py (+1/-3)
test/broker/02-subpub-qos0.py (+2/-3)
test/broker/02-subpub-qos1.py (+2/-3)
test/broker/02-subpub-qos2.py (+2/-3)
test/broker/02-subscribe-qos0.py (+2/-1)
test/broker/02-subscribe-qos1.py (+2/-3)
test/broker/02-subscribe-qos2.py (+2/-3)
test/broker/02-unsubscribe-qos0.py (+2/-3)
test/broker/02-unsubscribe-qos1.py (+2/-3)
test/broker/02-unsubscribe-qos2.py (+2/-3)
test/broker/03-publish-b2c-disconnect-qos1.py (+1/-3)
test/broker/03-publish-b2c-disconnect-qos2.py (+2/-5)
test/broker/03-publish-b2c-timeout-qos1.py (+1/-3)
test/broker/03-publish-b2c-timeout-qos2.py (+2/-5)
test/broker/03-publish-c2b-disconnect-qos2.py (+1/-6)
test/broker/03-publish-c2b-timeout-qos2.py (+1/-3)
test/broker/03-publish-qos1.py (+2/-3)
test/broker/03-publish-qos2.py (+2/-3)
test/broker/04-retain-qos0-clear.py (+2/-3)
test/broker/04-retain-qos0-fresh.py (+2/-3)
test/broker/04-retain-qos0-repeated.py (+3/-4)
test/broker/04-retain-qos0.py (+2/-3)
test/broker/04-retain-qos1-qos0.py (+2/-3)
test/broker/05-clean-session-qos1.py (+2/-3)
test/broker/06-bridge-b2br-disconnect-qos1.py (+1/-3)
test/broker/06-bridge-b2br-disconnect-qos2.py (+1/-3)
test/broker/06-bridge-br2b-disconnect-qos1.py (+1/-3)
test/broker/06-bridge-br2b-disconnect-qos2.py (+2/-5)
test/broker/06-bridge-reconnect-local-out.py (+19/-7)
test/broker/07-will-acl-denied.acl (+0/-2)
test/broker/07-will-acl-denied.conf (+0/-2)
test/broker/07-will-acl-denied.py (+0/-42)
test/broker/07-will-null-topic.py (+2/-3)
test/broker/07-will-null.py (+2/-3)
test/broker/07-will-qos0.py (+2/-3)
test/broker/08-ssl-bridge.py (+1/-3)
test/broker/08-ssl-connect-cert-auth-crl.conf (+2/-2)
test/broker/08-ssl-connect-cert-auth-crl.py (+1/-3)
test/broker/08-ssl-connect-cert-auth-expired.conf (+2/-2)
test/broker/08-ssl-connect-cert-auth-expired.py (+2/-3)
test/broker/08-ssl-connect-cert-auth-revoked.conf (+2/-2)
test/broker/08-ssl-connect-cert-auth-revoked.py (+2/-3)
test/broker/08-ssl-connect-cert-auth-without.conf (+2/-2)
test/broker/08-ssl-connect-cert-auth-without.py (+2/-3)
test/broker/08-ssl-connect-cert-auth.conf (+3/-2)
test/broker/08-ssl-connect-cert-auth.py (+1/-3)
test/broker/08-ssl-connect-identity.conf (+2/-2)
test/broker/08-ssl-connect-identity.py (+2/-3)
test/broker/08-ssl-connect-no-auth-wrong-ca.conf (+2/-2)
test/broker/08-ssl-connect-no-auth-wrong-ca.py (+2/-3)
test/broker/08-ssl-connect-no-auth.conf (+2/-2)
test/broker/08-ssl-connect-no-auth.py (+1/-3)
test/broker/08-ssl-connect-no-identity.conf (+2/-2)
test/broker/08-ssl-connect-no-identity.py (+2/-3)
test/broker/08-tls-psk-bridge.conf (+0/-2)
test/broker/08-tls-psk-bridge.conf2 (+0/-1)
test/broker/08-tls-psk-bridge.py (+5/-4)
test/broker/08-tls-psk-pub.conf (+0/-1)
test/broker/08-tls-psk-pub.py (+1/-3)
test/broker/09-plugin-auth-unpwd-fail.py (+1/-3)
test/broker/09-plugin-auth-unpwd-success.py (+1/-3)
test/broker/10-listener-mount-point.py (+1/-3)
test/broker/Makefile (+10/-4)
test/lib/01-con-discon-success.py (+2/-2)
test/lib/01-keepalive-pingreq.py (+1/-1)
test/lib/01-no-clean-session.py (+1/-1)
test/lib/01-unpwd-set.py (+1/-1)
test/lib/01-will-set.py (+1/-1)
test/lib/01-will-unpwd-set.py (+1/-1)
test/lib/02-subscribe-qos0.py (+1/-1)
test/lib/02-subscribe-qos1.py (+1/-1)
test/lib/02-subscribe-qos2.py (+1/-1)
test/lib/02-unsubscribe.py (+1/-1)
test/lib/03-publish-b2c-qos1.py (+1/-1)
test/lib/03-publish-b2c-qos2.py (+1/-1)
test/lib/03-publish-c2b-qos1-disconnect.py (+1/-1)
test/lib/03-publish-c2b-qos1-timeout.py (+1/-1)
test/lib/03-publish-c2b-qos2-disconnect.py (+2/-3)
test/lib/03-publish-c2b-qos2-timeout.py (+2/-3)
test/lib/03-publish-c2b-qos2.py (+1/-1)
test/lib/03-publish-qos0-no-payload.py (+1/-1)
test/lib/03-publish-qos0.py (+1/-1)
test/lib/04-retain-qos0.py (+1/-1)
test/lib/08-ssl-bad-cacert.py (+1/-1)
test/lib/08-ssl-connect-cert-auth-enc.py (+73/-0)
test/lib/08-ssl-connect-cert-auth.py (+1/-1)
test/lib/08-ssl-connect-no-auth.py (+1/-1)
test/lib/08-ssl-fake-cacert.py (+1/-1)
test/lib/09-util-topic-matching.py (+2/-1)
test/lib/09-util-topic-tokenise.py (+2/-1)
test/lib/Makefile (+9/-3)
test/lib/c/08-ssl-connect-cert-auth-enc.c (+53/-0)
test/lib/c/Makefile (+4/-1)
test/lib/cpp/08-ssl-connect-cert-auth-enc.cpp (+62/-0)
test/lib/cpp/Makefile (+4/-1)
test/lib/python/01-con-discon-success.test (+0/-33)
test/lib/python/01-keepalive-pingreq.test (+0/-25)
test/lib/python/01-no-clean-session.test (+0/-12)
test/lib/python/01-unpwd-set.test (+0/-13)
test/lib/python/01-will-set.test (+0/-13)
test/lib/python/01-will-unpwd-set.test (+0/-14)
test/lib/python/02-subscribe-qos0.test (+0/-35)
test/lib/python/02-subscribe-qos1.test (+0/-35)
test/lib/python/02-subscribe-qos2.test (+0/-35)
test/lib/python/02-unsubscribe.test (+0/-35)
test/lib/python/03-publish-b2c-qos1.test (+0/-45)
test/lib/python/03-publish-b2c-qos2.test (+0/-48)
test/lib/python/03-publish-c2b-qos1-disconnect.test (+0/-48)
test/lib/python/03-publish-c2b-qos1-timeout.test (+0/-44)
test/lib/python/03-publish-c2b-qos2-disconnect.test (+0/-44)
test/lib/python/03-publish-c2b-qos2-timeout.test (+0/-37)
test/lib/python/03-publish-c2b-qos2.test (+0/-36)
test/lib/python/03-publish-qos0-no-payload.test (+0/-36)
test/lib/python/03-publish-qos0.test (+0/-36)
test/lib/python/04-retain-qos0.test (+0/-27)
test/lib/python/08-ssl-bad-cacert.test (+0/-23)
test/lib/python/08-ssl-connect-cert-auth.test (+0/-37)
test/lib/python/08-ssl-connect-no-auth.test (+0/-38)
test/lib/python/08-ssl-fake-cacert.test (+0/-32)
test/lib/python/09-util-topic-matching.test (+0/-31)
test/lib/python/09-util-topic-tokenise.test (+0/-5)
test/lib/python3/01-con-discon-success.test (+0/-33)
test/lib/python3/01-keepalive-pingreq.test (+0/-25)
test/lib/python3/01-no-clean-session.test (+0/-12)
test/lib/python3/01-unpwd-set.test (+0/-13)
test/lib/python3/01-will-set.test (+0/-13)
test/lib/python3/01-will-unpwd-set.test (+0/-14)
test/lib/python3/02-subscribe-qos0.test (+0/-35)
test/lib/python3/02-subscribe-qos1.test (+0/-35)
test/lib/python3/02-subscribe-qos2.test (+0/-35)
test/lib/python3/02-unsubscribe.test (+0/-35)
test/lib/python3/03-publish-b2c-qos1.test (+0/-45)
test/lib/python3/03-publish-b2c-qos2.test (+0/-48)
test/lib/python3/03-publish-c2b-qos1-disconnect.test (+0/-48)
test/lib/python3/03-publish-c2b-qos1-timeout.test (+0/-44)
test/lib/python3/03-publish-c2b-qos2-disconnect.test (+0/-44)
test/lib/python3/03-publish-c2b-qos2-timeout.test (+0/-37)
test/lib/python3/03-publish-c2b-qos2.test (+0/-36)
test/lib/python3/03-publish-qos0-no-payload.test (+0/-36)
test/lib/python3/03-publish-qos0.test (+0/-36)
test/lib/python3/04-retain-qos0.test (+0/-27)
test/lib/python3/08-ssl-bad-cacert.test (+0/-23)
test/lib/python3/08-ssl-connect-cert-auth.test (+0/-34)
test/lib/python3/08-ssl-connect-no-auth.test (+0/-35)
test/lib/python3/08-ssl-fake-cacert.test (+0/-32)
test/lib/python3/09-util-topic-matching.test (+0/-31)
test/lib/python3/09-util-topic-tokenise.test (+0/-5)
test/mosq_test.py (+36/-0)
test/ssl/client-encrypted.crt (+59/-0)
test/ssl/client-encrypted.key (+18/-0)
test/ssl/gen.sh (+5/-0)
test/ssl/signingCA/index.txt (+1/-0)
test/ssl/signingCA/serial (+1/-1)
Revision history for this message
Roger Light (roger.light) wrote :

The proposed branch depends on bug #1422623.

tags: added: patch upgrade-software-version
Revision history for this message
Roger Light (roger.light) wrote :

This is a debdiff to update to version 1.4. It is the same as the bzr branch, but doesn't have the file conflicts of course.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "update.debdiff.bz2" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

Some reviews on teh patch:
* You shouldn't add the binary dependency on libwebsockets3 explicitely on the binary package. ${shlibs:Depends} should expands automatically to it. (and you build-dep on libwebsockets). That way, it's easier to transition to the libwebsockets4 when it becomes available.
* if python isn't part of upstream release at all, you should remove as well:
  - X-Python-Version: >= 2.6
  - python-all build-dep.
* debian/mosquitto.postinst : the change isn't listed in debian/changelog, why this one?
* debian/patches/enable-websockets.patch:
   - please explain in the description a little bit more why the libwebsockets is needed (and states that explicitly in debian/changelog). Why shouldn't that we forwarded and enabled upstream?
* debian/upstream/signing-key.asc: this file changed without any reason, isn't it? Only the Version: header was removed, please don't change it then.

The feature freeze exception needs to explain why the websockets support added is risk-free and needed I guess.

Roger Light (roger.light)
Changed in mosquitto (Ubuntu):
status: New → Fix Committed
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

Vivid is going EOL soon (in the next 2-3 weeks), and wily is fixed.

I don't see much effort in fixing something that will be EOL next month.

G.

Changed in mosquitto (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.