espressif/esp-mqtt
1
0
Fork 1
mirror of https://github.com/espressif/esp-mqtt.git synced 2025-08-01 19:55:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

mqtt_msg: Set zero length username if password is set without username

Browse Source 
Some cloud server (e.g. exosite) takes empty username with password.

When password is set without username, the current esp-mqtt implementation will
ignore the username and only set password. This violates MQTT-3.1.2-22 [1].
To address this issue, send zero length username if password is set without username.

[1] MQTT-3.1.2-22: If the User Name Flag is set to 0 then the Password Flag MUST be set to 0.

Signed-off-by: Axel Lin <axel.lin@ingics.com>
This commit is contained in:
Axel Lin
2020-12-23 21:14:25 +08:00
committed by David Cermak
parent 9ea804e0ab
commit 3efac7b7fa
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/mqtt_msg.c
View File

@@ -410,6 +410,17 @@ mqtt_message_t *mqtt_msg_connect(mqtt_connection_t *connection, mqtt_connect_inf
}
if (info->password != NULL && info->password[0] != '\0') {
if (info->username == NULL || info->username[0] == '\0') {
/* In case if password is set without username, we need to set a zero length username.
* (otherwise we violate: MQTT-3.1.2-22: If the User Name Flag is set to 0 then the Password Flag MUST be set to 0.)
*/
if (append_string(connection, "", 0) < 0) {
return fail_message(connection);
}
variable_header[flags_offset] |= MQTT_CONNECT_FLAG_USERNAME;
}
if (append_string(connection, info->password, strlen(info->password)) < 0) {
return fail_message(connection);
}