From 8c87a0fc381718a4512192426491da16ce3366a2 Mon Sep 17 00:00:00 2001
From: orignal
Date: Wed, 27 Aug 2014 10:02:23 -0400
Subject: [PATCH] check for buffer overflow
---
 NTCPSession.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/NTCPSession.cpp b/NTCPSession.cpp
index 1d1f098a..8ae621d7 100644
--- a/NTCPSession.cpp
+++ b/NTCPSession.cpp
@@ -30,6 +30,8 @@ namespace ntcp
 NTCPSession::~NTCPSession ()
 {
 delete m_DHKeysPair;
+ if (m_NextMessage)
+ i2p::DeleteI2NPMessage (m_NextMessage);
 }

 void NTCPSession::CreateAESKey (uint8_t * pubKey, uint8_t * aesKey)
@@ -436,6 +438,14 @@ namespace ntcp
 if (dataSize)
 {
 // new message
+ if (dataSize > NTCP_MAX_MESSAGE_SIZE)
+ {
+ LogPrint ("NTCP data size ", dataSize, " exceeds max size");
+ i2p::DeleteI2NPMessage (m_NextMessage);
+ m_NextMessage = nullptr;
+ Terminate ();
+ return;
+ }
 m_NextMessageOffset += 16;
 m_NextMessage->offset = 2; // size field
 m_NextMessage->len = dataSize + 2;
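Review bot: With `m_NextMessage` now freed in the destructor (the added `if (m_NextMessage)` lines), any other path that deletes or hands off that pointer without resetting it to `nullptr` becomes a double free when the session is destroyed. The error path added in the second hunk does reset it, but the normal message-completion path is outside this patch and should be checked for the same reset. A comment above the new lines would record the invariant: `// m_NextMessage is owned by the session; every path that frees or forwards it must set it to nullptr`.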
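Review bot: The added `dataSize > NTCP_MAX_MESSAGE_SIZE` check limits the payload only, yet the context line below it sets `m_NextMessage->len = dataSize + 2`, so the bound is sufficient only if the message buffer holds NTCP_MAX_MESSAGE_SIZE plus the 2-byte size field and anything appended later in the function. Neither the buffer capacity nor the rest of the function is visible in this hunk, so that relation should be confirmed and recorded at the check, e.g. `// dataSize comes from the received frame: NTCP_MAX_MESSAGE_SIZE + 2 (size field) + trailing bytes must fit the I2NP buffer`. The error path deletes `m_NextMessage` without a null test, which assumes it is always allocated before this point; that allocation is also outside the hunk. The log line would be more useful for triage if it identified the remote peer, since an oversized length presumably means a malformed or hostile stream.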