Validate UTF-8 client ids, usernames and topics.

8 years ago · d3239920d7
parent 0745bcdb91
commit d3239920d7
2 changed files with 15 additions and 0 deletions
--- a/src/handle_connect.c
+++ b/src/handle_connect.c
@ -259,6 +259,11 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
 		}
 	}

+	if(mosquitto_validate_utf8(client_id, strlen(client_id)) != MOSQ_ERR_SUCCESS){
+		rc = 1;
+		goto handle_connect_error;
+	}
+
 	if(will){
 		will_struct = mosquitto__calloc(1, sizeof(struct mosquitto_message));
 		if(!will_struct){
@ -322,6 +327,11 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
 	if(username_flag){
 		rc = packet__read_string(&context->in_packet, &username);
 		if(rc == MOSQ_ERR_SUCCESS){
+			if(mosquitto_validate_utf8(username, strlen(username)) != MOSQ_ERR_SUCCESS){
+				rc = MOSQ_ERR_PROTOCOL;
+				goto handle_connect_error;
+			}
+
 			if(password_flag){
 				rc = packet__read_string(&context->in_packet, &password);
 				if(rc == MOSQ_ERR_NOMEM){
--- a/src/handle_publish.c
+++ b/src/handle_publish.c
@ -121,6 +121,11 @@ int handle__publish(struct mosquitto_db *db, struct mosquitto *context)
 		return 1;
 	}

+	if(mosquitto_validate_utf8(topic, strlen(topic)) != MOSQ_ERR_SUCCESS){
+		mosquitto__free(topic);
+		return 1;
+	}
+
 	if(qos > 0){
 		if(packet__read_uint16(&context->in_packet, &mid)){
 			mosquitto__free(topic);