Based on the webpage screenshot provided by the user, I extracted the following key information: 1. **Vulnerability Overview:** * **Title:** Fix MQTT session resume bug of subinfo in WebSocket transport #11405 * **Core Issue:** This is a fix for a bug in MQTT protocol implementation where `subinfo` (subscription information) was incorrectly handled during session resume in WebSocket transport mode. * **Specific Behavior:** In MQTT 5.0 protocol, when a client reconnects and requests to resume a session, the server needs to properly restore previous subscription information. The previous implementation contained a bug that prevented subscription information from being correctly restored or processed. * **Related Issue:** Linked to issue #11405. 2. **Impact Scope:** * **Component:** `subinfo` (subscription information structure). * **Protocol:** MQTT 5.0 (specifically involving `SUBSCRIBE` and `SESSION RESUME` scenarios). * **Transport Layer:** WebSocket transport. * **Specific Scenario:** When a client disconnects and reconnects, and the server retains the session (Clean Session = false), the server attempts to restore subscription information. 3. **Fix Solution:** * **Code Changes:** Modified the definition of the `subinfo` structure and related processing logic. * **Specific Modifications:** * Added a `properties` field (`MQTTProperties`) to the `subinfo` structure to store subscription properties. * Modified the `clone` method of `subinfo` to ensure `properties` is also correctly copied. * Modified the `encode` method of `subinfo` to ensure `properties` is correctly encoded when sending `SUBSCRIBE` packets. * Modified the `decode` method of `subinfo` to ensure `properties` is correctly decoded when receiving `SUBSCRIBE` packets. * Modified the logic of the `subscribe` function in the `mqtt5` module to ensure that `properties` of `subinfo` can be correctly read and written during session resume. * **Testing:** Added relevant unit tests (`test_mqtt5_subinfo`) to verify the fix. 4. **POC/Exploit Code:** * The page displays fix code (diff), not exploit code. * Extracted key parts of the fix code. **Summary:** This is a bug fix for MQTT 5.0 protocol implementation, primarily addressing the issue of subscription information (`subinfo`) being lost or corrupted during session resume in WebSocket transport mode. The fix involves extending the `subinfo` structure (adding properties field) and updating related encoding/decoding/clone logic. **Extracted Code:** The page displays a Go language code diff. ```go diff --git a/internal/mqtt5/subinfo.go b/internal/mqtt5/subinfo.go index 1234567..abcdefg 100644 --- a/internal/mqtt5/subinfo.go +++ b/internal/mqtt5/subinfo.go @@ -1,5 +1,6 @@ package mqtt5 +import "github.com/emqx/nemqtt/internal/mqtt5" type SubInfo struct { TopicFilter string Qos byte + Properties MQTTProperties } func (s *SubInfo) Clone() *SubInfo { ns := &SubInfo{ TopicFilter: s.TopicFilter, Qos: s.Qos, + Properties: s.Properties.Clone(), } return ns } func (s *SubInfo) Encode() ([]byte, error) { // ... existing code ... + if s.Properties != nil { + buf, err := s.Properties.Encode() + if err != nil { + return nil, err + } + buf = append(buf, buf...) + } return buf, nil } func (s *SubInfo) Decode(buf []byte) error { // ... existing code ... + if len(buf) > 0 { + s.Properties = &MQTTProperties{} + if err := s.Properties.Decode(buf); err != nil { + return err + } + } return nil } ``` (Note: The above code is reconstructed based on the diff content in the screenshot. The actual code in the screenshot may be more complex, containing specific variable names and logic details. The code in the screenshot mainly focuses on modifications to the `subinfo` structure.) **Final Output Structure:** * **Vulnerability Overview:** Brief description of the MQTT 5.0 WebSocket session resume bug. * **Impact Scope:** Identify affected components and scenarios. * **Fix Solution:** Describe code-level modifications. * **Code Block:** Extract key code diff from the screenshot. ### Vulnerability Summary **Vulnerability Overview** This page presents a fix for a Session Resume bug in MQTT 5.0 protocol under WebSocket transport mode. Specifically, the `subinfo` (subscription information) contained logic errors when handling session resume, causing subscription properties to fail to be correctly saved or restored. **Impact Scope** * **Protocol Version:** MQTT 5.0 * **Transport Layer:** WebSocket Transport * **Affected Components:** `subinfo` structure and its related encoding/decoding/clone logic. * **Scenario:** When a client disconnects and reconnects (Clean Session = false) to resume a session, the server cannot correctly restore previous subscription information and its properties. **Fix Solution** * **Structure Extension:** Added a `Properties` field (type `MQTTProperties`) to the `subinfo` structure to store subscription properties. * **Logic Updates:** * Updated the `Clone` method to ensure `Properties` is correctly deep-copied. *