From 1b867589e5bc556d0dc2fe40b6d135e8b007c404 Mon Sep 17 00:00:00 2001
From: tomoaki
Date: Thu, 18 May 2017 18:31:54 +0900
Subject: [PATCH] BugFix: Segmentation faultdue to incorrect ProtocolID of CONNECT. #53
Signed-off-by: tomoaki
---
 MQTTSNGateway/src/MQTTSNGWClientRecvTask.cpp | 10 ++++++++--
 MQTTSNPacket/src/MQTTSNConnectServer.c | 4 ++--
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/MQTTSNGateway/src/MQTTSNGWClientRecvTask.cpp b/MQTTSNGateway/src/MQTTSNGWClientRecvTask.cpp
index d8c482a..83614cf 100644
--- a/MQTTSNGateway/src/MQTTSNGWClientRecvTask.cpp
+++ b/MQTTSNGateway/src/MQTTSNGWClientRecvTask.cpp
@@ -53,6 +53,7 @@ void ClientRecvTask::run()
 {
 Event* ev = 0;
 Client* client = 0;
+ char buf[128];
 while (true)
 {
@@ -106,14 +107,19 @@ void ClientRecvTask::run()
 {
 MQTTSNPacket_connectData data;
 memset(&data, 0, sizeof(MQTTSNPacket_connectData));
- packet->getCONNECT(&data);
+ if ( !packet->getCONNECT(&data) )
+ {
+ log(0, packet, &data.clientID);
+ WRITELOG("%s CONNECT message form %s is incorrect.%s\n", ERRMSG_HEADER, _sensorNetwork->getSenderAddress()->sprint(buf), ERRMSG_FOOTER);
+ delete packet;
+ continue;
+ }
 /* create a client */
 client = _gateway->getClientList()->createClient(_sensorNetwork->getSenderAddress(), &data.clientID, false, false);
 log(client, packet, &data.clientID);
 if (!client)
 {
- char buf[128];
 WRITELOG("%s Client(%s) was rejected. CONNECT message has been discarded.%s\n", ERRMSG_HEADER, _sensorNetwork->getSenderAddress()->sprint(buf), ERRMSG_FOOTER);
 delete packet;
 continue;
diff --git a/MQTTSNPacket/src/MQTTSNConnectServer.c b/MQTTSNPacket/src/MQTTSNConnectServer.c
index 5dc24a9..0647bf2 100644
--- a/MQTTSNPacket/src/MQTTSNConnectServer.c
+++ b/MQTTSNPacket/src/MQTTSNConnectServer.c
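Review bot: In the new `!packet->getCONNECT(&data)` branch of ClientRecvTask::run() (MQTTSNGWClientRecvTask.cpp, second hunk), `log(0, packet, &data.clientID)` is called with a null client and a clientID taken from a parse that has just failed. `data` was zeroed by the `memset` above, so the clientID is presumably empty or only partly filled at that point; log() is not visible here, so it should be confirmed that it tolerates both, otherwise a malformed CONNECT from any sender can still crash the gateway on the error path. A comment such as `/* parse failed: client is null and clientID may be empty */` above the call would record that assumption. The log text also reads `message form %s` and should be `message from %s`. run() begins and ends outside the hunk.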
@@ -38,7 +38,7 @@ int MQTTSNDeserialize_connect(MQTTSNPacket_connectData* data, unsigned char* buf
 int mylen = 0;
 FUNC_ENTRY;
- curdata += (rc = MQTTSNPacket_decode(curdata, len, &mylen)); /* read length */
+ curdata += MQTTSNPacket_decode(curdata, len, &mylen); /* read length */
 enddata = buf + mylen;
 if (enddata - curdata < 2) goto exit;
@@ -50,7 +50,7 @@ int MQTTSNDeserialize_connect(MQTTSNPacket_connectData* data, unsigned char* buf
 data->cleansession = flags.bits.cleanSession;
 data->willFlag = flags.bits.will;
- if ((version = (int)readChar(&curdata)) != 1) /* Protocol version */
+ if ((version = (int)readChar(&curdata)) != MQTTSN_PROTOCOL_VERSION)
 goto exit;
 data->duration = readInt(&curdata);
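Review bot: `enddata = buf + mylen` in the first hunk of MQTTSNDeserialize_connect (MQTTSNConnectServer.c) still trusts the length field decoded from the packet, and the visible lines never compare `mylen` with the `len` passed to MQTTSNPacket_decode. If the encoded length is larger than the bytes actually received, later reads bounded by `enddata` could run past the end of the buffer. The rest of the function is outside the hunk, so this may be checked elsewhere. Assuming `len` is the received buffer length, the guard could be tightened to `if (mylen > len || enddata - curdata < 2) goto exit;`.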