From 744e893dcef13db3d47aea1d877cf97032fa0c03 Mon Sep 17 00:00:00 2001
From: orignal <i2porignal@yandex.ru>
Date: Mon, 23 Mar 2020 18:09:57 -0400
Subject: [PATCH] check message length

---
 libi2pd_client/I2CP.cpp | 12 ++++++++++--
 libi2pd_client/I2CP.h   |  3 ++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/libi2pd_client/I2CP.cpp b/libi2pd_client/I2CP.cpp
index ccd94e46..eec21f06 100644
--- a/libi2pd_client/I2CP.cpp
+++ b/libi2pd_client/I2CP.cpp
@@ -246,8 +246,16 @@ namespace client
 			m_PayloadLen = bufbe32toh (m_Header + I2CP_HEADER_LENGTH_OFFSET);
 			if (m_PayloadLen > 0)
 			{
-				m_Payload = new uint8_t[m_PayloadLen];
-				ReceivePayload ();
+				if (m_PayloadLen <= I2CP_MAX_MESSAGE_LENGTH)
+				{	
+					m_Payload = new uint8_t[m_PayloadLen];
+					ReceivePayload ();
+				}
+				else
+				{
+					LogPrint (eLogError, "I2CP: Unexpected payload length ", m_PayloadLen); 
+					Terminate ();
+				}	
 			}
 			else // no following payload
 			{
diff --git a/libi2pd_client/I2CP.h b/libi2pd_client/I2CP.h
index 848378e0..f675318f 100644
--- a/libi2pd_client/I2CP.h
+++ b/libi2pd_client/I2CP.h
@@ -24,7 +24,8 @@ namespace client
 {
 	const uint8_t I2CP_PROTOCOL_BYTE = 0x2A;
 	const size_t I2CP_SESSION_BUFFER_SIZE = 4096;
-
+	const size_t I2CP_MAX_MESSAGE_LENGTH = 65535;
+	
 	const size_t I2CP_HEADER_LENGTH_OFFSET = 0;
 	const size_t I2CP_HEADER_TYPE_OFFSET = I2CP_HEADER_LENGTH_OFFSET + 4;
 	const size_t I2CP_HEADER_SIZE = I2CP_HEADER_TYPE_OFFSET + 1;