mosquitto icon indicating copy to clipboard operation
mosquitto copied to clipboard
verified publisher icon eclipse

Mosquitto Broker doesn't initialize time and select appropriate clock

Open ericguin opened this issue 1 year ago • 2 comments

Good day,

My company uses the Mosquitto broker on an embedded device. We noticed that if time jumps forward, the broker spuriously disconnects all clients, citing timeout as the reason.

We didn't expect this to happen, as in mosquitto_time_init we see that the system will select the boot time clock or the monotonic clock, both of which should be date/time tolerant. During my investigation, I found out that the broker src/mosquitto.c never calls mosquitto_time_init, and the time_clock defaults to 0, which is the real time clock.

All of the clients seem to call msoquitto_time_init via mosquitto_lib_init, but that symbol isn't available to the broker. Instead, it looks like the main function for the broker partially re-implements the three tasks of mosquitto_lib_init:

  1. Init time
  2. Seed the random number generator
  3. Initialize the network

Instead, the broker main file explicitly seeds the random source and calls net__broker_init() which calls the network initialization on its own (see here). As it doesn't call the time init, the broker never picks up on a boot time or monotonic clock, thus leaving it vulnerable to time changes.

We have experimented with adding in the mosquitto_time_init() call on our own, and it seems to resolve the issue. We see there is an open PR with this as a fix (see here) but are concerned with no comments on it and would like some clarification on this issue before we move on.

Thank you, Eric

ericguin avatar Mar 14 '25 16:03 ericguin

We are currently auditing if our previous releases are affected by this. Our shipping products use version 2.0.15 of Mosquitto, which doesn't appear to be vulnerable to this. Looks like the mosquitto_time_init() function was added since, and version 2.0.15 is hard coded to use the monotonic clock, and is thus not vulnerable to forward time shifts.

EDIT: We have some on 2.0.18, but it is similarly lacking in the time init function, and is thus not vulnerable.

ericguin avatar Mar 14 '25 17:03 ericguin

Thanks for the report, this is indeed an annoying case. I've gone with the option of calling mosquitto_time_init() directly in the broker for 2.0.22 and it'll be released shortly. It believe the problem would have started in 2.0.19.

If you've got shipping products with mosquitto in, you may be interested to know that cedalo.com, who I work for, provide support for mosquitto and other features.

ralight avatar May 01 '25 11:05 ralight