-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some protocol violations or bugs in Mosquitto #3052
Comments
According to the specification of MQTTv5.0:
But if we send such a packet that contains no topic filter to the broker:
Mosquitto unexpectedly returned a response message instead of rejecting or breaking the connection. |
According to the specification of MQTTv5.0:
Similarly, we send a Subscribe message that does not contain any topic filters
|
According to the specification of MQTTv5.0:
Send such a packet:
Mosquitto expected that such a request should be denied, but received it. |
However, if we send such packet like:
Mosquitto ignored the response topic value in the PUBLISH message and then returned the corresponding PUBREC response message. |
According to this description, when the Payload Format Indicator in the PUBLISH message is set to 1, the payload in the PUBLISH message must be UTF-8 encoded. However, it appears that Mosquitto does not validate this. PoC:
|
Similarity,
According to this description, when the Payload Format Indicator in the CONNECT message is set to 1, the will message in the CONNECT message must be UTF-8 encoded. However, it appears that Mosquitto does not validate this. POC:
|
If we send a packet the shared topic is "$share/{ShareName}/", i.e., filter is empty, and the broker will not reject it. Packet:
|
But, if we send such an invalid packet to the broker, it responds to a SUBACK (code: successful) message rather than reject.
|
In MQTT 5.0, the requester can specify an expected Response Topic in the request message. After taking appropriate action based on the request message, the responder publishes a response message to the Response Topic carried in the request. If the requester has subscribed to that Response Topic, it will receive the response. Ref 1: https://www.emqx.com/en/blog/mqtt5-request-response In MQTT 5.0, I believe this property field should not be allowed to be empty, because it will play a role in message transmission in some scenarios. Packet:
|
Hi, I have found some protocol specification violations in Mosquitto, attached below are the details.
The version of Mosquitto: version 2.0.18
The version of the Operating System: Ubuntu 24.04
The text was updated successfully, but these errors were encountered: