Open pengwGit opened 3 weeks ago
Thank you for what you have done for RMQTT. I will try to reproduce this issue and fix it.
I couldn't reproduce this issue; it's possible that my testing method is incorrect. Could you please confirm your testing environment and methods again:
I deployed RMQTT and a fuzz testing tool FUME on the same node. These data packets sent by the same connection and does not need to be decoded. The tool URL:https://github.com/PBearson/FUME-Fuzzing-MQTT-Brokers
I used FUME but still couldn't reproduce the agent crash issue. The logs contain numerous entries: 'V5(BadAuthenticationMethod), reason: extended Auth is not supported' because the MQTT::Auth message hasn't been implemented yet.
I made some optimizations regarding encoding and decoding for ntex and ntex-mqtt and built rmqtt:0.4.1-rc1. If it's convenient for you, could you please perform another test based on rmqtt:0.4.1-rc1? The Docker image is: rmqtt/rmqtt:0.4.1-rc1. Thank you.
I have found an issue in RMQTT v0.4.0 allows attackers to cause a Denial of Service. You can refer to the following link: https://gist.github.com/pengwGit/d8410afeb0d5d11ab79f596a32178c2e
I suggest you find out the cause and fix it