Skip to content

Fix MQTT client: clear credentials and will on connection teardown#402

Open
EdouardMALOT wants to merge 1 commit into
eclipse-threadx:masterfrom
EdouardMALOT:fix/mqtt-clear-credentials-teardown
Open

Fix MQTT client: clear credentials and will on connection teardown#402
EdouardMALOT wants to merge 1 commit into
eclipse-threadx:masterfrom
EdouardMALOT:fix/mqtt-clear-credentials-teardown

Conversation

@EdouardMALOT

@EdouardMALOT EdouardMALOT commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Summary

The credentials and will pointers stored in the client (nxd_mqtt_client_username / password / will_topic / will_message, set by nxd_mqtt_client_login_set() and nxd_mqtt_client_will_message_set()) must be cleared on every connection teardown, error paths included. Today only the clean-disconnect path clears them, in _nxd_mqtt_process_disconnect(); the failed-connect teardowns (CONNACK refused, TCP or TLS establish failure) go through _nxd_mqtt_client_connection_end() and keep the stale pointers. If the application then reconfigures the same client for an anonymous connection (no new login_set() call) and its old buffers have been zeroed or reused, the next CONNECT goes out with the username flag set but no valid username. Mosquitto drops it as a protocol error (CONNECT with username flag but no username) and nxd_mqtt_client_secure_connect() fails with NXD_MQTT_COMMUNICATION_FAILURE (0x10007), on every retry, until the device reboots.

Observed during TLS/MQTT test-bench runs: connect attempts with credentials failed while the server certificate was temporarily invalid, the configuration was then switched back to an anonymous account, and the live client could never reconnect.

Changes

  • addons/mqtt/nxd_mqtt_client.c

Behavioral note: credentials were already cleared on every clean disconnect by _nxd_mqtt_process_disconnect(), so the effective contract is already "call login_set() before each connect that needs credentials". This change only extends the existing cleanup to the failure paths.

Test plan

  • Reproduced on mosquitto: after a failed connect with credentials, an anonymous reconnect on the same client sends CONNECT with the username flag and no username, and is dropped by the broker as a protocol error
  • Audit of all teardown call sites: _nxd_mqtt_process_disconnect, _nxd_mqtt_process_connack error path, TCP/TLS establish-process failures, and the early TCP-failure branch of _nxd_mqtt_client_connect all reset the credentials with this change
  • Full device-level regression on our gateway test bench with the patched library, including secure and plain connect/disconnect/reconnect cycles with credentials re-set before each connect (in progress)

nxd_mqtt_client_login_set stores pointers into the caller's buffers,
and only _nxd_mqtt_process_disconnect reset them. Failed connects
(CONNACK refused, TCP or TLS establish failure) tear down through
_nxd_mqtt_client_connection_end and skip that reset, so a later
connect without credentials sends CONNECT with the username flag set
but no username. Brokers drop it as a protocol error.

Move the cleanup into _nxd_mqtt_client_connection_end, which every
teardown path goes through except the early TCP-failure branch of
_nxd_mqtt_client_connect. That branch gets the same cleanup inline,
plus a use_tls reset: it has the same stale-flag problem that eclipse-threadx#400
fixes in connection_end, on a path eclipse-threadx#400 does not cover.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant