Comments (4)
@songxpu are you with @gazer-star ? If so plz merge the issues BTW, we use macro func here for the sake of performance. The poor design of MQTT protocol creates a lot of troubles on security, especially if I wanna achieve best equilibrium of mem and performance. In my view, this is a non-severe complaint from ASAN. It will be dropped, although the strlen here exceeds the packet length. It still works If ASAN is turned off. (If not, then it is my fault, plz send me the packet data)
I am not saying I don't want to fix this, but to balance performance & security, it is not urgent.
Hi, we are not together.
Then, I found that my reply above was incorrect and should have replied to the other issue, so I deleted it.
With regard to the bug fix plan, I agree with your suggestion。
from nanomq.
@songxpu are you with @gazer-star ? If so plz merge the issues
BTW, we use macro func here for the sake of performance. The poor design of MQTT protocol creates a lot of troubles on security, especially if I wanna achieve best equilibrium of mem and performance.
In my view, this is a non-severe complaint from ASAN. It will be dropped, although the strlen here exceeds the packet length. It still works If ASAN is turned off. (If not, then it is my fault, plz send me the packet data)
I am not saying I don't want to fix this, but to balance performance & security, it is not urgent.
from nanomq.
songxpu
Nevermind, thanks for discovering issues for nanomq.
I will leave this issue as wont-fix for now
from nanomq.
Thanks for your comments. With regard to the bug fix plan, I agree with your suggestion. The poor design of MQTT protocol creates a lot of troubles on security, especially dealing with malformed length.
from nanomq.
Related Issues (20)
- mqtt broker_tls.c:488: NULL msg detected in send_cb HOT 7
- [CI:Records] websocket is not compatible with NULL clientID
- ws crash HOT 2
- tlstran_pipe_qos_send_cb: NULL msg detected in send_cb HOT 10
- conn_param used in offline msg cause HUAF
- tlstran_pipe_nego_cb: connect nego error rv: Cryptographic error HOT 3
- Heap use after free in nanomq_cli tls sub HOT 2
- Potential DoS Attacks in NanoMQ HOT 3
- High idle CPU usage with latest full docker image HOT 3
- Unable to get NanoMQ implementation of Retained Messages to function correctly HOT 6
- Argument parsing issue for nngproxy HOT 3
- [Question] MySQL plugin HOT 6
- Clean Session for v311 and session expiry for v5 is not working HOT 1
- How to use nanomq_cli quic client? HOT 1
- retain消息持久化,系统主题有bug HOT 2
- Weird ASSERT warning in self-complied Docker? HOT 2
- Malformed packet may lead to unexpected behavior. HOT 1
- NanoMQ accidentally send Reserved-type packets to clients HOT 9
- The logic for parsing User Property seems flawed HOT 1
- Several protocol violations or bugs in NanoMQ HOT 33
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nanomq.