From 19483938de0dd2356c6f9a0092b8917aa238df77 Mon Sep 17 00:00:00 2001 From: z2_ on hackerone <> Date: Tue, 24 Aug 2021 09:50:33 +0200 Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds CVE-2021-22945 Bug: https://curl.se/docs/CVE-2021-22945.html --- lib/mqtt.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/lib/mqtt.c +++ b/lib/mqtt.c @@ -124,6 +124,10 @@ static CURLcode mqtt_send(struct connect mq->sendleftovers = sendleftovers; mq->nsend = nsend; } + else { + mq->sendleftovers = NULL; + mq->nsend = 0; + } return result; }