-
-
Notifications
You must be signed in to change notification settings - Fork 509
Mosca crashes when connecting with TLS on MQTT Port #393
Comments
Update on this, I just realized that the behavior depends on the node version (on client side!!)
obviously this might be a mqttjs issue, but still shows a vulnerability of mosca allowing to crash the whole broker that should be resolved. |
Okay I have resolved the issue. The problem was actually not from mosca but from the I will file a PR with a fix in the next minutes. So what happened? The TLS connect message that arrived at Mosca looked like this:
Note the The Why did I observe no problem in node 0.10? funny enough, in this case the initial packet looked very similar but had a length of 314 bytes and thus did not produce an overflow. We obviously have various problems here:
on the other hand in mosca (or mqtt-connection) also some sort of exception catch might be worth implementing so that a single falsy packet doesn't get a chance to kill the whole broker. I concentrated on the mqtt-packet fixing for now because I would love to get some feedback on how to generally harden mosca in this respect from @mcollina |
This should be fixed now by reinstalling. Regarding the try-catch, I'm against it. try-catch might leave some resources in unknown state, and will inhibit us to know about this cases and fix the condition under which a packet is thrown. |
I think this assessment depends extremely on the application. I consider applications that require high availability and don't feel comfortable in having such a fragility. In such a scenario though, of course I would implement some sort of exception notification. The only agreeable argument from my side are potential leakage situations which are indeed absolutely unwanted. As far as I know this mainly happens when try/catching asynchronous execution, which would not be the case if we had it in the parser. But I am not an expert in this point and thus will follow your opinion. Is there anything else - except try/catch - that might improve stability here? |
@psorowka a try catch might leave stuff in a bad situation, possibly leaking memory, file descriptors on anything related. If any exception happens in a node application, the safest thing you can do is to shut down gracefully and restart. The only true option are domains, but they have their own problems. Take also into account that a parsing failed issue is the first one in years. |
Okay than let's have a look at "shut down gracefully and restart". Can I rely on all sockets being closed when node exits on unhandled exception? In that case something like If that is not the case I would at least need one try/catch on the very top-level mosca layer which allows me to close all connections and exit. |
And by the way it was not the first complete broker crash we observed, but the first we could cleanly reproduce |
@psorowka I think I solved this once and for all: https://github.com/mqttjs/mqtt-packet/blob/master/testRandom.js. I've found a couple more cases. |
@mcollina thought about that exact solution as well. Have you checked that against the non-patched version? "once and for all" is a strong statement though :) anyway, thanks for the quick merge and the good job! |
@psorowka if you want to tweak that script and change it to discover more, please do :). |
By accident we have found critical behavior in Mosca:
when connecting with a TLS connection on the plain mqtt port, the whole broker simply crashes with error:
One-liner to reproduce this behavior (assuming standard mosca running on localhost):
We will dig further into it and provide a PR if we have a fix. Meanwhile we wanted to share the bug in case somebody is quicker in spotting the solution.
The text was updated successfully, but these errors were encountered: