From 4daba0ae5c11cca4da2fd98a1ba4fe0b490a4a86 Mon Sep 17 00:00:00 2001
From: Nick O'Leary <nick.oleary@gmail.com>
Date: Fri, 2 Nov 2018 00:06:32 +0000
Subject: [PATCH] Fix remaining length protection

---
 src/PubSubClient.cpp       | 2 +-
 tests/src/receive_spec.cpp | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/PubSubClient.cpp b/src/PubSubClient.cpp
index bd2514f..997bfb4 100755
--- a/src/PubSubClient.cpp
+++ b/src/PubSubClient.cpp
@@ -244,7 +244,7 @@ uint16_t PubSubClient::readPacket(uint8_t* lengthLength) {
     uint8_t start = 0;
 
     do {
-        if (len == 6) {
+        if (len == 5) {
             // Invalid remaining length encoding - kill the connection
             _state = MQTT_DISCONNECTED;
             _client->stop();
diff --git a/tests/src/receive_spec.cpp b/tests/src/receive_spec.cpp
index 4ecd439..9a18af0 100644
--- a/tests/src/receive_spec.cpp
+++ b/tests/src/receive_spec.cpp
@@ -174,8 +174,8 @@ int test_drop_invalid_remaining_length_message() {
     int rc = client.connect((char*)"client_test1");
     IS_TRUE(rc);
 
-    byte publish[] = {0x30,0x92,0x92,0x92,0x92,0x92,0x92,0x0,0x5,0x74,0x6f,0x70,0x69,0x63,0x70,0x61,0x79,0x6c,0x6f,0x61,0x64};
-    shimClient.respond(publish,21);
+    byte publish[] = {0x30,0x92,0x92,0x92,0x92,0x01,0x0,0x5,0x74,0x6f,0x70,0x69,0x63,0x70,0x61,0x79,0x6c,0x6f,0x61,0x64};
+    shimClient.respond(publish,20);
 
     rc = client.loop();