From 9660f230100a4ccd3029fc111abe7f501a6910ff Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 16 Oct 2022 18:05:34 +0200
Subject: [PATCH] mqtt: return error for too long topic

Closes #9744
---
 lib/mqtt.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/mqtt.c b/lib/mqtt.c
index 7320747af0..bc9a3c1273 100644
--- a/lib/mqtt.c
+++ b/lib/mqtt.c
@@ -389,10 +389,18 @@ static CURLcode mqtt_get_topic(struct Curl_easy *data,
                                char **topic, size_t *topiclen)
 {
   char *path = data->state.up.path;
-  if(strlen(path) > 1)
-    return Curl_urldecode(path + 1, 0, topic, topiclen, REJECT_NADA);
-  failf(data, "No MQTT topic found. Forgot to URL encode it?");
-  return CURLE_URL_MALFORMAT;
+  CURLcode result = CURLE_URL_MALFORMAT;
+  if(strlen(path) > 1) {
+    result = Curl_urldecode(path + 1, 0, topic, topiclen, REJECT_NADA);
+    if(!result && (*topiclen > 0xffff)) {
+      failf(data, "Too long MQTT topic");
+      result = CURLE_URL_MALFORMAT;
+    }
+  }
+  else
+    failf(data, "No MQTT topic found. Forgot to URL encode it?");
+
+  return result;
 }
 
 static CURLcode mqtt_subscribe(struct Curl_easy *data)
-- 
2.47.3