Treat SUBACK with an empty payload as a protocol violation

by assuming a non-empty payload and then failing to read the data
if that assumption was too optimistic.

As per [MQTT-3.8.3-2]:
> The Payload MUST contain at least one Topic Filter and Subscription Options pair.
> A SUBSCRIBE packet with no Payload is a Protocol Error.
and then as per [MQTT-3.9.3-1]:
> The Payload contains a list of Reason Codes. Each Reason Code corresponds to a Topic Filter in the SUBSCRIBE packet being acknowledged.
> The order of Reason Codes in the SUBACK packet MUST match the order of Topic Filters in the SUBSCRIBE packet.

Change-Id: I5939d901c897f679ece43b3ec3845c43ee6f2a47
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>

1 files changed, 4 insertions, 2 deletions

diff --git a/src/mqtt/qmqttconnection.cpp b/src/mqtt/qmqttconnection.cpp
index 9c3c7d6..de2e4b2 100644
--- a/src/mqtt/qmqttconnection.cpp
+++ b/src/mqtt/qmqttconnection.cpp
@@ -1520,7 +1520,9 @@ void QMqttConnection::finalize_suback()
     if (m_clientPrivate->m_protocolVersion == QMqttClient::MQTT_5_0)
         readSubscriptionProperties(sub);
 
-    while (m_missingData > 0) {
+    // 3.9.3 - The Payload contains a list of Reason Codes. Each Reason Code corresponds to a Topic Filter in the SUBSCRIBE packet being acknowledged.
+    // Whereas 3.8.3 states "The Payload MUST contain at least one Topic Filter and Subscription Options pair. A SUBSCRIBE packet with no Payload is a Protocol Error."
+    do {
         quint8 reason = readBufferTyped<quint8>(&m_missingData);
 
         sub->d_func()->m_reasonCode = QMqtt::ReasonCode(reason);
@@ -1562,7 +1564,7 @@ void QMqttConnection::finalize_suback()
             closeConnection(QMqttClient::ProtocolViolation);
             break;
         }
-    }
+    } while (m_missingData > 0);
 }
 
 void QMqttConnection::finalize_unsuback()