From f15b86158bead763ea1824eb2e7f55eeec5ba71e Mon Sep 17 00:00:00 2001
From: Alexandru-Ioan Pop
Date: Sun, 12 Mar 2017 20:59:00 +0000
Subject: [PATCH] Check broker IP conversion. Adjust state machine accordingly
The result of converting the IP address of the broker wasn't checked. As a result, the pointer was left uninitialised and the IPv6 address used for connecting was some random data. The function now returns an error. Before connect_to_broker is called, mqtt_register is executed, which memsets conn to 0, making its state 0 (MQTT_CONN_STATE_ERROR). In order to recover from this error state, the extra check was added in the MQTT_CLIENT_STATE_NEWCONFIG state. This was discovered using [CodeSonar](https://www.grammatech.com/products/codesonar)
---
 apps/mqtt/mqtt.c | 4 +++-
 examples/cc26xx/cc26xx-web-demo/mqtt-client.c | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/apps/mqtt/mqtt.c b/apps/mqtt/mqtt.c
index 0be8e83bc..5ef4cbca3 100644
--- a/apps/mqtt/mqtt.c
+++ b/apps/mqtt/mqtt.c
@@ -1333,7 +1333,9 @@ mqtt_connect(struct mqtt_connection *conn, char *host, uint16_t port,
 conn->connect_vhdr_flags |= MQTT_VHDR_CLEAN_SESSION_FLAG;
 /* convert the string IPv6 address to a numeric IPv6 address */
- uiplib_ip6addrconv(host, &ip6addr);
+ if(uiplib_ip6addrconv(host, &ip6addr) == 0) {
+ return MQTT_STATUS_ERROR;
+ }
 uip_ipaddr_copy(&(conn->server_ip), ipaddr);
diff --git a/examples/cc26xx/cc26xx-web-demo/mqtt-client.c b/examples/cc26xx/cc26xx-web-demo/mqtt-client.c
index cf60d6c63..e45378264 100644
--- a/examples/cc26xx/cc26xx-web-demo/mqtt-client.c
+++ b/examples/cc26xx/cc26xx-web-demo/mqtt-client.c
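Review bot: In mqtt_connect (apps/mqtt/mqtt.c) the new early return comes after `conn->connect_vhdr_flags |= MQTT_VHDR_CLEAN_SESSION_FLAG;`, so a broker address that fails to parse still leaves `conn` partly updated for a connection that never starts. The function begins and ends outside the hunk, so any earlier writes to `conn` are not visible here. If nothing before the conversion depends on them, running the `uiplib_ip6addrconv()` check ahead of the assignments would leave the structure untouched on bad input. Because `host` comes from configuration, I would also expand the comment above the check to something like `/* Reject a broker address that does not parse; ip6addr may be left unset on failure */`.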
@@ -698,10 +698,15 @@ static void
 connect_to_broker(void)
 {
 /* Connect to MQTT server */
- mqtt_connect(&conn, conf->broker_ip, conf->broker_port,
- conf->pub_interval * 3);
+ mqtt_status_t conn_attempt_result = mqtt_connect(&conn, conf->broker_ip,
+ conf->broker_port,
+ conf->pub_interval * 3);
- state = MQTT_CLIENT_STATE_CONNECTING;
+ if(conn_attempt_result == MQTT_STATUS_OK) {
+ state = MQTT_CLIENT_STATE_CONNECTING;
+ } else {
+ state = MQTT_CLIENT_STATE_CONFIG_ERROR;
+ }
 }
 /*---------------------------------------------------------------------------*/
 static void
@@ -827,8 +832,8 @@ state_machine(void)
 }
 break;
 case MQTT_CLIENT_STATE_NEWCONFIG:
- /* Only update config after we have disconnected */
- if(conn.state == MQTT_CONN_STATE_NOT_CONNECTED) {
+ /* Only update config after we have disconnected or in the case of an error */
+ if(conn.state == MQTT_CONN_STATE_NOT_CONNECTED || conn.state == MQTT_CONN_STATE_ERROR) {
 update_config();
 DBG("New config\n");
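Review bot: The else branch in connect_to_broker maps every result other than `MQTT_STATUS_OK` to `MQTT_CLIENT_STATE_CONFIG_ERROR` and logs nothing, so a rejected broker address looks the same as any other failure mqtt_connect might report. Whether mqtt_connect can return other error codes is not visible in this hunk. A line such as `DBG("mqtt_connect failed, status %d\n", (int)conn_attempt_result);` in the else branch would make the cause visible, using the `DBG` macro the file already calls in state_machine. A short comment there noting that the usual cause is a `conf->broker_ip` that does not parse as an IPv6 address would help too.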
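Review bot: The widened condition in the `MQTT_CLIENT_STATE_NEWCONFIG` case of state_machine treats `MQTT_CONN_STATE_ERROR` like a clean disconnect, but the reason for that is given only in the commit message. There it is the zeroed `conn` left by mqtt_register, whose state 0 equals `MQTT_CONN_STATE_ERROR`. If `conn.state` can also reach `MQTT_CONN_STATE_ERROR` while a connection is still partly set up, `update_config()` would now run without a disconnect first; that is worth confirming against mqtt.c. I would put the reason in the comment, e.g. `/* ERROR (0) is also the state of a freshly registered conn, see mqtt_register() */`. The condition also now runs well past 80 columns and should be wrapped. The case body continues outside the hunk.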