-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Several protocol violations or bugs in EMQX #13045
Comments
According to the specification of MQTTv3.1.1:
Replay:
The expected behavior is to reject such erroneous packets, but emqx received and responded correctly. |
According to the specification of MQTTv3.1.1:
Replay:
|
According to the specification of MQTTv5:
Replay:
EMQX can return a 'Successful' Connect ACK message for this. |
According to the specification of MQTTv3.1.1:
Replay:
|
According to the specification of MQTTv5:
Replay:
|
According to the specification of MQTTv5.0:
Replay packet
|
According to the specification of MQTTv5.0:
If we send the follow CONNECT packet (the content type contains "0xff")
Unexpectedly, the server returned a successful response message and saved such properties. |
According to the specification of MQTTv5.0:
Replay:
|
According to the specification of MQTTv5.0:
Replay:
|
According to the specification of MQTTv5.0:
After testing, EMQX violates this rule.
|
Hello, Thanks, these are interesting finds. We'll implement stricter validation. |
According to the specification of MQTTv5.0:
However, the situation is different:
The expected behavior was considered illegal and the network connection was closed, but the corresponding request was unexpectedly received. |
According to the specification of MQTTv5.0:
Replay:
User names containing illegal UTF-8 hexadecimal characters, such as 0x8f, should theoretically be rejected by the broker. |
According to the specification of MQTTv5.0:
Replay:
The topic in PUBLISH, SUBSCRIBE, and UNSUBSCRIBE messages is "39321a" and it's not UTF-8 encoded. Note: Messages can be transmitted between SUBSCRIBE and PUBLISH. |
According to the specification of MQTTv5.0:
Replay:
|
According to the specification of MQTTv5.0:
Replay:
|
According to the specification of MQTTv5.0:
Replay:
|
According to the specification of MQTTv5.0:
Replay:
|
According to the specification of MQTTv5.0:
Replay:
|
According to the specification of MQTTv3.1.1:
Replay:
|
According to the specification of MQTTv5.0:
Replay:
|
According to the specification of MQTTv5.0:
Replay:
EMQX will return a PUBREC for PUBLISH messages and will also return a PINGRESP for subsequent PINGREQ, indicating that the PUBLISH messages have been received normally. |
According to the specification of MQTTv5.0:
Replay:
|
According to the specification of MQTTv5.0:
Replay:
EMQX explicitly violates this rule because the subscribing end that subscribes to the topic1 topic can receive this message. |
Hello @panhao410 , First of all, thanks for your work and for providing very detailed reproduction instructions. I did some digging, and there is a configuration parameter By default, |
Hi @panhao410 Thank you so much for your detailed report. IssuesUsername and password flags
We've deliberately allowed flexibility in EMQX to accommodate various configurations, such as using the client ID as a username, or extracting the username from the certificate's common name, etc.
Similarly, EMQX is designed to not strictly require a username even when this flag is set, as it can be overridden depending on the configuration. UTF-8 enforcementEMQX can be configured with High Priority FixesWe will fix issues that might lead to a "protocol error," such as:
Low Priority FixesSimilarly, we plan to address other less critical issues that could disrupt protocol compliance:
My thoughts in generalAs stated in MQTT v5 spec 4.3.13, the level of strictness in adhering to the MQTT specification and checking for errors in packets depends on practical considerations. Definitions of Malformed Packet and Protocol Errors are detailed in section 1.2 Terminology. The balance we seek in error checking is influenced by:
From my perspective, while these issues may not seem to cause practical harm to either the client or server, your insights are invaluable. I am eager to hear more from you, especially if you can provide practical scenarios where these issues might affect operations. |
Describe the bug
I found something on the EMQX that is contrary to the protocol specification description (protocol violation or logic bug).
For tracking purposes, I will report all results under this Issue.
Environment Details
Client SDK
If possible include the mqtt sdk you used to connect to emqx
Minimal C test cases are perferred.
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: