From c001e778c14167344351e08947533b7e76e94272 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Tue, 13 Feb 2018 12:19:34 +0000 Subject: [PATCH] [693] Fix handling of null bytes in received strings. Thanks to Umberto Boscolo. Bug: https://github.com/eclipse/mosquitto/issues/693 --- ChangeLog.txt | 1 + lib/utf8_mosq.c | 2 +- src/handle_connect.c | 21 +++++++++++---------- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index 3d62e2e2..c00020e7 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -44,6 +44,7 @@ Broker: - IPv6 is no longer disabled for websockets listeners. - Remove all build timestamp information including $SYS/broker/timestamp. Close #651. +- Correctly handle incoming strings that contain a NULL byte. Closes #693. Client library: - Outgoing messages with QoS>1 are no longer retried after a timeout period. diff --git a/lib/utf8_mosq.c b/lib/utf8_mosq.c index dd5eedd9..54785d0b 100644 --- a/lib/utf8_mosq.c +++ b/lib/utf8_mosq.c @@ -26,7 +26,7 @@ int mosquitto_validate_utf8(const char *str, int len) const unsigned char *ustr = (const unsigned char *)str; if(!str) return MOSQ_ERR_INVAL; - if(len < 1 || len > 65536) return MOSQ_ERR_INVAL; + if(len < 0 || len > 65536) return MOSQ_ERR_INVAL; for(i=0; i #endif -static char *client_id_gen(struct mosquitto_db *db) +static char *client_id_gen(struct mosquitto_db *db, int *idlen) { char *client_id; #ifdef WITH_UUID 
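Review bot: The upper bound in `if(len < 0 || len > 65536) return MOSQ_ERR_INVAL;` in mosquitto_validate_utf8 still admits len == 65536, one more than the 65535 bytes that an MQTT string's 16-bit length prefix can carry; `len > 65535` would match the wire format. With the lower bound relaxed to 0, an empty string now passes this guard, and a short comment such as `/* len == 0 is a valid empty string */` would make that intent explicit. The loop and return that follow are cut off on this page, so the result for an empty string and the handling of an embedded 0x00 byte cannot be checked from here.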
@@ -47,23 +47,24 @@ static char *client_id_gen(struct mosquitto_db *db)
 #endif
 #ifdef WITH_UUID
- client_id = (char *)mosquitto__calloc(37 + db->config->auto_id_prefix_len, sizeof(char));
+ *idlen = 36 + db->config->auto_id_prefix_len;
+#else
+ *idlen = 64 + db->config->auto_id_prefix_len;
+#endif
+
+ client_id = (char *)mosquitto__calloc((*idlen) + 1, sizeof(char));
 if(!client_id){
 return NULL;
 }
 if(db->config->auto_id_prefix){
 memcpy(client_id, db->config->auto_id_prefix, db->config->auto_id_prefix_len);
 }
+
+
+#ifdef WITH_UUID
 uuid_generate_random(uuid);
 uuid_unparse_lower(uuid, &client_id[db->config->auto_id_prefix_len]);
 #else
- client_id = (char *)mosquitto__calloc(65 + db->config->auto_id_prefix_len, sizeof(char));
- if(!client_id){
- return NULL;
- }
- if(db->config->auto_id_prefix){
- memcpy(client_id, db->config->auto_id_prefix, db->config->auto_id_prefix_len);
- }
 for(i=0; i<64; i++){
 client_id[i+db->config->auto_id_prefix_len] = (rand()%73)+48;
 }
@@ -240,7 +241,7 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
 rc = MOSQ_ERR_PROTOCOL;
 goto handle_connect_error;
 }else{
- client_id = client_id_gen(db);
+ client_id = client_id_gen(db, &slen);
 if(!client_id){
 rc = MOSQ_ERR_NOMEM;
 goto handle_connect_error;
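Review bot: In the non-UUID branch the id length is now stated twice: `*idlen = 64 + db->config->auto_id_prefix_len;` sizes the calloc, while the unchanged loop bound `i<64` governs the writes. A later edit to one literal would silently desynchronise the allocation, the reported length and the number of bytes written. A single named constant used in both places, e.g. `#define AUTO_ID_RANDOM_LEN 64`, would remove that risk; the same applies to `36` and the fixed-size output of uuid_unparse_lower(). The new `idlen` out-parameter also deserves a short comment saying that it excludes the terminating NUL and is written even when the function returns NULL. The function's declarations and closing lines are outside this hunk.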
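Review bot: `client_id_gen(db, &slen)` stores through an `int *`, but the declaration of `slen` is outside this hunk. If it is not a plain `int` (MQTT string lengths are 16-bit on the wire, so a narrower type would be plausible), the store is a type mismatch and could write past the variable. It is worth confirming the declaration. Note also that `slen` has already been overwritten when the call returns NULL, so the `handle_connect_error` path should not rely on its earlier value. handle__connect starts and ends outside the hunk.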