From 87149c8383f7cdc85cd4780256afc1b5a923bac8 Mon Sep 17 00:00:00 2001 From: x2018 Date: Sun, 9 Nov 2025 19:19:13 +0800 Subject: [PATCH] mqtt: properly handle the message which exceeds maxsize We should goto fail as topic is allocated. Follow-up to 92fd791 Closes #19417 --- lib/mqtt.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/mqtt.c b/lib/mqtt.c index bac319e63a..713e4aa02c 100644 --- a/lib/mqtt.c +++ b/lib/mqtt.c @@ -613,8 +613,10 @@ static CURLcode mqtt_publish(struct Curl_easy *data) remaininglength = payloadlen + 2 + topiclen; encodelen = mqtt_encode_len(encodedbytes, remaininglength); - if(MAX_MQTT_MESSAGE_SIZE - remaininglength - 1 < encodelen) - return CURLE_TOO_LARGE; + if(MAX_MQTT_MESSAGE_SIZE - remaininglength - 1 < encodelen) { + result = CURLE_TOO_LARGE; + goto fail; + } /* add the control byte and the encoded remaining length */ pkt = malloc(remaininglength + 1 + encodelen);