You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Ram C (JIRA)" <ji...@apache.org> on 2017/04/05 18:59:41 UTC

[jira] [Comment Edited] (ARTEMIS-826) MQTT with a long password field causes NPE exception

    [ https://issues.apache.org/jira/browse/ARTEMIS-826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15957447#comment-15957447 ] 

Ram C edited comment on ARTEMIS-826 at 4/5/17 6:59 PM:
-------------------------------------------------------

[~martyntaylor] : Here are the steps which I have simulated the same issue as using the MQTTTest.java and MQTTTestSupport.java file.

Steps to recreate:
1. Update the MATTTestSupport > createMQTTTcpConnection method to pass username and password (JW token)
 
private MQTT createMQTTTcpConnection(String clientId, boolean clean) throws Exception {
      MQTT mqtt = new MQTT();
      mqtt.setConnectAttemptsMax(1);
      mqtt.setReconnectAttemptsMax(0);
      mqtt.setTracer(createTracer());
      mqtt.setVersion("3.1.1");
      mqtt.setUserName("test_user");
      mqtt.setPassword("eyJhbGciOiJIUzUxMiJ9.eyJjcmVhdGVkIjoxNDc3NDg1NDc5OTEzLCJleHAiOjE0Nzc0ODcyNzksInV1aWQiOiI2NmVkNDc3Mi");
      if (clientId != null) {
         mqtt.setClientId(clientId);
      }
      mqtt.setCleanSession(clean);
      mqtt.setHost("localhost", port);
      return mqtt;
   }

2. Compile and Run the MQTTTest.java > testResendMessageId method.

The validation was failed in MQTTProtocolManager > isProtocol method as the array[4] != 77 when we were using JW token as password field.

Thanks!



was (Author: c.ramsubbu):
[~martyntaylor] : Here I simulated the same issue as using the MQTTTest.java and MQTTTestSupport.java file.

Steps to recreate:
1. Update the MATTTestSupport > createMQTTTcpConnection method to pass username and password (JW token)
 
private MQTT createMQTTTcpConnection(String clientId, boolean clean) throws Exception {
      MQTT mqtt = new MQTT();
      mqtt.setConnectAttemptsMax(1);
      mqtt.setReconnectAttemptsMax(0);
      mqtt.setTracer(createTracer());
      mqtt.setVersion("3.1.1");
      mqtt.setUserName("test_user");
      mqtt.setPassword("eyJhbGciOiJIUzUxMiJ9.eyJjcmVhdGVkIjoxNDc3NDg1NDc5OTEzLCJleHAiOjE0Nzc0ODcyNzksInV1aWQiOiI2NmVkNDc3Mi");
      if (clientId != null) {
         mqtt.setClientId(clientId);
      }
      mqtt.setCleanSession(clean);
      mqtt.setHost("localhost", port);
      return mqtt;
   }

2. Compile and Run the MQTTTest.java > testResendMessageId method.

The validation was failed in MQTTProtocolManager > isProtocol method as the array[4] != 77 when we were using JW token as password field.

Thanks!


> MQTT with a long password field causes NPE exception
> ----------------------------------------------------
>
>                 Key: ARTEMIS-826
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-826
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 1.4.0, 1.5.0
>            Reporter: luca capra
>            Assignee: Martyn Taylor
>            Priority: Critical
>              Labels: mqtt
>             Fix For: 2.next
>
>
> Hi
> I'm using mqtt.js and Paho (java) as client for MQTT protocol. 
> The issue can be replicated both on (my embed) version pointing at master (1.5.0-SNAPSHOT) and with a clean install of 1.4.0 release
> Happens by using a long password (a jwt token in my case) which causes this exception on both versions
> Example password:
> eyJhbGciOiJIUzUxMiJ9.eyJjcmVhdGVkIjoxNDc3NDg1NDc5OTEzLCJleHAiOjE0Nzc0ODcyNzksInV1aWQiOiI2NmVkNDc3Mi0wNDg5LTRlOTYtYmI2NS01NDhiMmVkMmM3MWQifQ.LbOAr8pPApDlVBLi32JWtCjmCa80ByAJYq9BnTnWQgh4SWka4WzykMU0D_atE5tYtgICj2QOg-OFglv2ZqLLNw
> Exception:
> Caused by: java.lang.NullPointerException
> 	at org.apache.activemq.artemis.core.protocol.ProtocolHandler$ProtocolDecoder.decode(ProtocolHandler.java:185) [artemis-server-1.4.0.jar:1.4.0]
> Looking at the source Artemis receive a different set of bytes ("M"QTT starts at array[5])
> https://github.com/apache/activemq-artemis/blob/master/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolManager.java#L131
> ---
> MQTT spec on password length (0 to 65535 bytes of binary data + 2bytes for length)
> http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc385349246
> Client code is here:
> https://gist.github.com/muka/df7cac712a645b9f1895274adcbe3670
> Embed artemis code is here:
> https://github.com/muka/raptor/tree/master/raptor-broker
> Thanks!



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)