rmqtt / rmqtt

MQTT Server/MQTT Broker - Scalable Distributed MQTT Message Broker for IoT in the 5G Era
MIT License

An issue in RMQTT v0.4.0 #66

Open pengwGit opened 3 weeks ago

pengwGit commented 3 weeks ago

I have found an issue in RMQTT v0.4.0 that allows attackers to cause a Denial of Service. You can refer to the following link: https://gist.github.com/pengwGit/d8410afeb0d5d11ab79f596a32178c2e

I suggest you find out the cause and fix it.

rmqtt commented 3 weeks ago

Thank you for what you have done for RMQTT. I will try to reproduce this issue and fix it.

rmqtt commented 3 weeks ago

I couldn't reproduce this issue; it's possible that my testing method is incorrect. Could you please confirm your testing environment and methods again:

  1. Is RMQTT being used in single-node or cluster mode?
  2. Are packets 1 to 5 being sent over the same connection, or is a new connection created for each packet?
  3. Do I need to hex decode the [Attack Vectors] packet data before using it for testing?

pengwGit commented 2 weeks ago

I deployed RMQTT and a fuzz testing tool, FUME, on the same node. These data packets are sent by the same connection and do not need to be decoded. The tool URL: https://github.com/PBearson/FUME-Fuzzing-MQTT-Brokers

rhello2999 commented 1 week ago

I used FUME but still couldn't reproduce the agent crash issue. The logs contain numerous entries: 'V5(BadAuthenticationMethod), reason: extended Auth is not supported' because the MQTT::Auth message hasn't been implemented yet.

I made some optimizations regarding encoding and decoding for ntex and ntex-mqtt and built rmqtt:0.4.1-rc1. If it's convenient for you, could you please perform another test based on rmqtt:0.4.1-rc1? The Docker image is: rmqtt/rmqtt:0.4.1-rc1. Thank you.