From bb7619897e53ed424e0712ca5a4c93d5fae99715 Mon Sep 17 00:00:00 2001 From: z2_ on hackerone <> Date: Tue, 24 Aug 2021 09:50:33 +0200 Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds CVE-2021-22945 Bug: https://curl.se/docs/CVE-2021-22945.html Upstream-commit: 43157490a5054bd24256fe12876931e8abc9df49 Signed-off-by: Kamil Dudka --- lib/mqtt.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/mqtt.c b/lib/mqtt.c index d88fa73..f3fc045 100644 --- a/lib/mqtt.c +++ b/lib/mqtt.c @@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data, mq->sendleftovers = sendleftovers; mq->nsend = nsend; } + else { + mq->sendleftovers = NULL; + mq->nsend = 0; + } return result; } -- 2.31.1