From 664ca4eb16c81f37f4a50f15ec33404bf2edd2e6 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Thu, 27 Feb 2025 16:31:00 +0000
Subject: [PATCH] Further fix for CVE-2023-28366.

---
 ChangeLog.txt     | 1 +
 lib/packet_mosq.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/ChangeLog.txt b/ChangeLog.txt
index b5a72307e..e317f4383 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -4,6 +4,7 @@
 Security:
 - Fix leak on malicious SUBSCRIBE by authenticated client.
   Closes eclipse #248.
+- Further fix for CVE-2023-28366.
 
 Broker:
 - Fix clients sending a RESERVED packet not being quickly disconnected.
diff --git a/lib/packet_mosq.c b/lib/packet_mosq.c
index 4d2f4fe68..d2335021b 100644
--- a/lib/packet_mosq.c
+++ b/lib/packet_mosq.c
@@ -155,6 +155,7 @@ int packet__queue(struct mosquitto *mosq, struct mosquitto__packet *packet)
 
 #ifdef WITH_BROKER
 	if(db.config->max_queued_messages > 0 && mosq->out_packet_count >= db.config->max_queued_messages){
+		packet__cleanup(packet);
 		mosquitto__free(packet);
 		if(mosq->is_dropping == false){
 			mosq->is_dropping = true;