diff --git a/doc/publican/sources/Protocol.xml b/doc/publican/sources/Protocol.xml
index 38243fa7..692f17eb 100644
--- a/doc/publican/sources/Protocol.xml
+++ b/doc/publican/sources/Protocol.xml
@@ -152,7 +152,8 @@ Starts with an unsigned 32-bit length (including null terminator), followed by the UTF-8 encoded string contents, including terminating null byte, then padding to a 32-bit boundary. A null
- value is represented with a length of 0.
+ value is represented with a length of 0. Interior null bytes are
+ not permitted.
diff --git a/src/connection.c b/src/connection.c
index e1b751ac..6b28d21d 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -975,7 +975,7 @@ wl_connection_demarshal(struct wl_connection *connection,
 s = (char *) p;
- if (length > 0 && s[length - 1] != '\0') {
+ if (s[length - 1] != '\0') {
 wl_log("string not nul-terminated, "
 "message %s(%s)\n", message->name, message->signature);
@@ -983,6 +983,14 @@ wl_connection_demarshal(struct wl_connection *connection,
 goto err;
 }
+ if (strlen(s) != length - 1) {
+ wl_log("string has embedded nul at offset %zu, "
+ "message %s(%s)\n", strlen(s),
+ message->name, message->signature);
+ errno = EINVAL;
+ goto err;
+ }
+
 closure->args[i].s = s;
 p = next;
 break;
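Review bot: With the `length > 0 &&` guard dropped, `s[length - 1]` in the terminator check is only in bounds if a zero length can never reach this point, and the hunk does not show where that is guaranteed. If `length` is an unsigned type (its declaration is not visible), `length - 1` would wrap for a zero length and the read would land far outside the received message. Presumably the null-string case exits earlier in wl_connection_demarshal, which starts and ends outside this hunk. A comment such as `/* length == 0 (null string) is handled above, so length - 1 cannot wrap */` would record that invariant for later edits. The `length - 1` in the embedded-nul check added by the next hunk depends on the same invariant.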
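Review bot: The `strlen(s)` in the new embedded-nul check is bounded only because the check just before it has already confirmed that `s[length - 1]` is `'\0'`. That ordering dependency is worth a comment, for example `/* s[length - 1] is NUL (checked above), so strlen stays inside the argument */`, so the two checks are not reordered or merged later. `strlen(s)` is also evaluated twice, once in the condition and once for the log message; a local such as `size_t slen = strlen(s);` would compute it once. The enclosing wl_connection_demarshal starts and ends outside the hunk.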