From 27820a58c6a57fdff8ab3c8fb8f207fd30ff24f9 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Sat, 1 Nov 2025 08:32:43 +0000
Subject: [PATCH] Add upper limit to auto_id_prefix

This prevents uint16_t overflow later
---
 src/conf.c | 8 ++++++++
 test/broker/16-config-parse-errors-without-tls.py | 4 +++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/conf.c b/src/conf.c
index e200a4c3..7c999d9c 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1251,6 +1251,10 @@ static int config__read_file_core(struct mosquitto__config *config, bool reload,
 return MOSQ_ERR_INVAL;
 }
 if(cur_security_options->auto_id_prefix){
+ if(strlen(cur_security_options->auto_id_prefix) > 50){
+ log__printf(NULL, MOSQ_LOG_ERR, "Error: auto_id_prefix length must be <= 50.");
+ return MOSQ_ERR_INVAL;
+ }
 cur_security_options->auto_id_prefix_len = (uint16_t)strlen(cur_security_options->auto_id_prefix);
 }else{
 cur_security_options->auto_id_prefix_len = 0;
@@ -2022,6 +2026,10 @@ static int config__read_file_core(struct mosquitto__config *config, bool reload,
 return MOSQ_ERR_INVAL;
 }
 if(cur_listener->security_options->auto_id_prefix){
+ if(strlen(cur_listener->security_options->auto_id_prefix) > 50){
+ log__printf(NULL, MOSQ_LOG_ERR, "Error: 'listener_auto_id_prefix' length must be <= 50.");
+ return MOSQ_ERR_INVAL;
+ }
 cur_listener->security_options->auto_id_prefix_len = (uint16_t)strlen(cur_listener->security_options->auto_id_prefix);
 }else{
 cur_listener->security_options->auto_id_prefix_len = 0;
diff --git a/test/broker/16-config-parse-errors-without-tls.py b/test/broker/16-config-parse-errors-without-tls.py
index 2f7e22c6..35326538 100755
--- a/test/broker/16-config-parse-errors-without-tls.py
+++ b/test/broker/16-config-parse-errors-without-tls.py
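Review bot: The limit `50` is a bare literal repeated in both conditions and both messages (the `cur_security_options` hunk and the `cur_listener->security_options` hunk), and nothing next to it records which later `uint16_t` calculation it protects; that calculation is not visible in this patch, so a named constant with a one-line comment pointing at it would keep the two branches and the consumer in step. Each branch also calls `strlen()` twice; taking it once, e.g. `size_t plen = strlen(cur_security_options->auto_id_prefix);`, checking `plen > AUTO_ID_PREFIX_MAX_LEN` (the name is only a suggestion) and storing `(uint16_t)plen` makes it obvious the cast cannot truncate. The first message leaves the option name unquoted, while the second one and the other config errors quoted in the test file use the `'name'` form. The test change in this patch covers only `listener_auto_id_prefix`, so the first branch appears to have no over-length test. `config__read_file_core` starts and ends outside both hunks.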
@@ -83,7 +83,9 @@ do_test_broker_failure(conf_file, [f"listener {port}", "max_topic_alias 65536"],
 do_test_broker_failure(conf_file, [f"listener {port}", "max_topic_alias -1"], port, 3, "Error: Invalid 'max_topic_alias' value in configuration.") # Invalid value
 do_test_broker_failure(conf_file, [f"listener {port}", "max_topic_alias_broker 65536"], port, 3, "Error: Invalid 'max_topic_alias_broker' value in configuration.") # Invalid value
 do_test_broker_failure(conf_file, [f"listener {port}", "max_topic_alias_broker -1"], port, 3, "Error: Invalid 'max_topic_alias_broker' value in configuration.") # Invalid value
-do_test_broker_failure(conf_file, ["websockets_headers_size 65536"], port, 3, "Error: Packet buffer size must be between 0 and 65535 inclusive.") # Invalid 'value
+do_test_broker_failure(conf_file, [f"listener {port}", "listener_auto_id_prefix"], port, 3, "Error: Empty 'listener_auto_id_prefix' value in configuration.") # Empty string
+do_test_broker_failure(conf_file, [f"listener {port}", f"listener_auto_id_prefix {'a'*51}"], port, 3, "Error: 'listener_auto_id_prefix' length must be <= 50.") # Invalid value
+do_test_broker_failure(conf_file, ["websockets_headers_size 65536"], port, 3, "Error: Packet buffer size must be between 0 and 65535 inclusive.") # Invalid value
 do_test_broker_failure(conf_file, ["websockets_headers_size -1"], port, 3, "Error: Packet buffer size must be between 0 and 65535 inclusive.") # Invalid value
 do_test_broker_failure(conf_file, ["memory_limit -1"], port, 3, "Error: Invalid 'memory_limit' value (-1).") # Invalid value