From 2ceedfe097ce58c100c6a69657ecdc6c11b2c434 Mon Sep 17 00:00:00 2001
From: Dirk Ziegelmeier
Date: Sun, 26 Nov 2017 21:05:07 +0100
Subject: [PATCH] Fix bug #52345: MQTT buffer length check seems wrong

Don't try to parse variable length part if it is not contained in message
---
 src/apps/mqtt/mqtt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/apps/mqtt/mqtt.c b/src/apps/mqtt/mqtt.c
index b03987cd..e8cccde4 100644
--- a/src/apps/mqtt/mqtt.c
+++ b/src/apps/mqtt/mqtt.c
@@ -705,7 +705,7 @@ mqtt_message_received(mqtt_client_t *client, u8_t fixed_hdr_idx, u16_t length, u
 u16_t payload_length = length;
 u8_t qos = MQTT_CTL_PACKET_QOS(client->rx_buffer[0]);
- if (client->msg_idx <= MQTT_VAR_HEADER_BUFFER_LEN) {
+ if ((client->msg_idx <= MQTT_VAR_HEADER_BUFFER_LEN) && (length > 0)) {
 /* Should have topic and pkt id*/
 u8_t *topic;
 u16_t after_topic;
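Review bot: The new guard `(length > 0)` still admits a one-byte variable part, yet the branch it protects is commented as expecting "topic and pkt id", and an MQTT topic starts with a two-byte length prefix. The branch body continues outside the hunk, so this is inferred. If it reads that prefix straight from the receive buffer, a PUBLISH with `length == 1` would still have one byte taken from data that is not part of this message. The guard could require the prefix to be present, e.g. `if ((client->msg_idx <= MQTT_VAR_HEADER_BUFFER_LEN) && (length >= 2)) {`, or the branch could reject a short PUBLISH explicitly before touching the topic length. The derived topic length, plus the packet id when `qos` is non-zero, should then also be checked against `length` and not only against the buffer size. A short comment on the condition saying what `length` counts (bytes of the variable header and payload in this call) would make the intent reviewable.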