fix(security): prevent _parseByte to throw (#107)

* fix(security): prevent _parseByte to throw

Ref: moscajs/aedes#612

* fix: emit error when type parse fails

* fix: add test

parser.js

@@ -602,8 +602,11 @@ class Parser extends EventEmitter {
   }
 
   _parseByte () {
-    const result = this._list.readUInt8(this._pos)
-    this._pos++
+    let result
+    if (this._pos < this._list.length) {
+      result = this._list.readUInt8(this._pos)
+      this._pos++
+    }
     debug('_parseByte: result: %o', result)
     return result
   }
@@ -646,6 +649,10 @@ class Parser extends EventEmitter {
     const result = {}
     while (this._pos < end) {
       const type = this._parseByte()
+      if (!type) {
+        this._emitError(new Error('Cannot parse property code type'))
+        return false
+      }
       const name = constants.propertiesCodes[type]
       if (!name) {
         this._emitError(new Error('Unknown property'))

test.js

@@ -572,9 +572,9 @@ testParseGenerateDefaults('no clientId with 5.0', {
   clean: true,
   keepalive: 60,
   properties:
-    {
-      receiveMaximum: 20
-    },
+  {
+    receiveMaximum: 20
+  },
   clientId: ''
 }, Buffer.from(
   [16, 16, 0, 4, 77, 81, 84, 84, 5, 2, 0, 60, 3, 33, 0, 20, 0, 0]
@@ -2690,6 +2690,27 @@ testParseError('Malformed Subscribe Payload', Buffer.from([
   0 // requested QoS
 ]))
 
+test('Cannot parse property code type', t => {
+  const packets = Buffer.from([
+    16, 16, 0, 4, 77, 81, 84, 84, 5, 2, 0, 60, 3, 33, 0, 20, 0, 0, 98, 2, 211, 1, 224, 2, 0, 32
+  ])
+
+  t.plan(3)
+
+  const parser = mqtt.parser()
+
+  parser.on('error', err => {
+    t.equal(err.message, 'Cannot parse property code type', 'expected error message')
+    t.end()
+  })
+
+  parser.on('packet', (packet) => {
+    t.pass('Packet parsed')
+  })
+
+  parser.parse(packets)
+})
+
 testWriteToStreamError('Invalid command', {
   cmd: 'invalid'
 })