fix(rumqttd/protocol/v5): Parse ConnAck and UnsubAck packets instead of panicking #812
base: main
Signed-off-by: Skyler Ross <[email protected]>
broker can never send a connect packet, and hence, it can never read an
It's absolutely reachable; a non-compliant (malicious) client can send a ConnAck/UnsubAck specifically because it knows a rumqttd broker is running (this happens before auth is checked, since checking auth requires reading a packet) and would panic the connection. Perhaps the correct course of action would instead be an error? I got the body of the fix from "do what v4 does" and it does the same thing (hence writing a PR instead of an issue):

rumqtt/rumqttd/src/protocol/v4/mod.rs Line 318 in 8af9d88
rumqtt/rumqttd/src/protocol/v4/mod.rs Line 328 in 8af9d88

If this is undesirable, a change to v4 parsing is required as well.
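The point raised in the comment above, that the packet-type byte is chosen by the peer and read before any auth check, shown as an added example (not rumqttd's code; every name is hypothetical). The decoder maps every type nibble to a value or an error so no arm can panic; the broker-side rejection of server-only packets is the "error" alternative floated in the discussion and is an assumption of this example, not what the PR does.

```rust
// Added example; all names are hypothetical and not rumqttd's API.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum PacketType {
    Connect, ConnAck, Publish, PubAck, PubRec, PubRel, PubComp, Subscribe,
    SubAck, Unsubscribe, UnsubAck, PingReq, PingResp, Disconnect, Auth,
}
use PacketType::*;
// MQTT v5 control packet types 1..=15, in order; type 0 is reserved.
const TYPES: [PacketType; 15] = [
    Connect, ConnAck, Publish, PubAck, PubRec, PubRel, PubComp, Subscribe,
    SubAck, Unsubscribe, UnsubAck, PingReq, PingResp, Disconnect, Auth,
];

#[derive(Debug, PartialEq)]
pub enum ReadError {
    Incomplete,               // need more bytes from the socket
    MalformedRemainingLength, // length field longer than 4 bytes
    ReservedType(u8),         // type nibble 0
    ServerOnly(PacketType),   // valid packet, wrong direction
}

/// Decode the fixed header: type in the high nibble of byte 0, then the
/// variable-length "remaining length". Every byte comes from the peer.
pub fn read_fixed_header(buf: &[u8]) -> Result<(PacketType, usize), ReadError> {
    let first = *buf.first().ok_or(ReadError::Incomplete)?;
    let (mut len, mut shift, mut used) = (0usize, 0u32, 1usize);
    loop {
        let b = *buf.get(used).ok_or(ReadError::Incomplete)?;
        len |= ((b & 0x7f) as usize) << shift;
        used += 1;
        if b & 0x80 == 0 { break; }
        shift += 7;
        if shift > 21 { return Err(ReadError::MalformedRemainingLength); }
    }
    if buf.len() < used + len { return Err(ReadError::Incomplete); }
    let idx = (first >> 4).wrapping_sub(1) as usize; // nibble 0 wraps to 255
    let kind = *TYPES.get(idx).ok_or(ReadError::ReservedType(first >> 4))?;
    Ok((kind, len))
}

/// Broker-side policy (an assumption of this example): packets that only a
/// server sends end that one connection with an error instead of a panic.
pub fn broker_accepts(buf: &[u8]) -> Result<PacketType, ReadError> {
    match read_fixed_header(buf)?.0 {
        t @ (ConnAck | SubAck | UnsubAck | PingResp) => Err(ReadError::ServerOnly(t)),
        t => Ok(t),
    }
}
fn main() {
    println!("{:?}", broker_accepts(&[0x20, 0x03, 0x00, 0x00, 0x00])); // constructed ConnAck bytes
}
```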
Oh yeah, you are right, we should not panic. Instead of an error, let's parse it for now as you mentioned, as we do the same in v4. Can we move handling connack right after connect (like in v4, and same for unsuback)? Also, we can remove that for changelog, you can add under fix that "handle Connack and unsuback packets properly instead of panic" or something similar (I'm not that good at this either haha). Thanks for pointing it out and the fix!
Pull Request Test Coverage Report for Build 8208492265

Warning: This coverage report may be inaccurate. This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

💛 - Coveralls
Yeah, I can do all that.
Signed-off-by: Skyler Ross <[email protected]>
Hey @izik1, this PR somehow slipped through, can you please fix the merge conflicts so that we can merge it? Thanks for understanding!
If re-adding the `_ => unreachable!()` is desired, let me know. I can't think of any benefit to it so I removed it.

Type of change
Checklist:
cargo fmt
CHANGELOG.md
if it's relevant to the users of the library. If it's not relevant mention why.