From d3239920d789a16cb9c54c598f4fc7d5ef03f2e9 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Wed, 16 Aug 2017 11:28:54 +0100
Subject: [PATCH] Validate UTF-8 client ids, usernames and topics.

---
 src/handle_connect.c | 10 ++++++++++
 src/handle_publish.c |  5 +++++
 2 files changed, 15 insertions(+)

diff --git a/src/handle_connect.c b/src/handle_connect.c
index f84fafa1..6100ccf6 100644
--- a/src/handle_connect.c
+++ b/src/handle_connect.c
@@ -259,6 +259,11 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
 		}
 	}
 
+	if(mosquitto_validate_utf8(client_id, strlen(client_id)) != MOSQ_ERR_SUCCESS){
+		rc = 1;
+		goto handle_connect_error;
+	}
+
 	if(will){
 		will_struct = mosquitto__calloc(1, sizeof(struct mosquitto_message));
 		if(!will_struct){
@@ -322,6 +327,11 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
 	if(username_flag){
 		rc = packet__read_string(&context->in_packet, &username);
 		if(rc == MOSQ_ERR_SUCCESS){
+			if(mosquitto_validate_utf8(username, strlen(username)) != MOSQ_ERR_SUCCESS){
+				rc = MOSQ_ERR_PROTOCOL;
+				goto handle_connect_error;
+			}
+
 			if(password_flag){
 				rc = packet__read_string(&context->in_packet, &password);
 				if(rc == MOSQ_ERR_NOMEM){
diff --git a/src/handle_publish.c b/src/handle_publish.c
index 52b81e27..9b9386a0 100644
--- a/src/handle_publish.c
+++ b/src/handle_publish.c
@@ -121,6 +121,11 @@ int handle__publish(struct mosquitto_db *db, struct mosquitto *context)
 		return 1;
 	}
 
+	if(mosquitto_validate_utf8(topic, strlen(topic)) != MOSQ_ERR_SUCCESS){
+		mosquitto__free(topic);
+		return 1;
+	}
+
 	if(qos > 0){
 		if(packet__read_uint16(&context->in_packet, &mid)){
 			mosquitto__free(topic);