From a516d7812a3da28602dc7bc1ee9304a2384fbcc3 Mon Sep 17 00:00:00 2001
From: Chad Fraleigh
Date: Mon, 3 Jul 2023 15:49:18 -0700
Subject: [PATCH] Added bounds checking.
---
 libi2pd/LeaseSet.cpp | 8 ++++++++
 libi2pd/NetDb.cpp | 4 ++++
 2 files changed, 12 insertions(+)
diff --git a/libi2pd/LeaseSet.cpp b/libi2pd/LeaseSet.cpp
index 675f6503..7138f4cc 100644
--- a/libi2pd/LeaseSet.cpp
+++ b/libi2pd/LeaseSet.cpp
@@ -394,6 +394,10 @@ namespace data
 size_t LeaseSet2::ReadStandardLS2TypeSpecificPart (const uint8_t * buf, size_t len)
 {
 size_t offset = 0;
+
+ if(offset + 2 > len) // AKA (len < 2)
+ return 0;
+
 // properties
 uint16_t propertiesLen = bufbe16toh (buf + offset); offset += 2;
 offset += propertiesLen; // skip for now. TODO: implement properties
@@ -448,6 +452,10 @@ namespace data
 size_t LeaseSet2::ReadMetaLS2TypeSpecificPart (const uint8_t * buf, size_t len)
 {
 size_t offset = 0;
+
+ if(offset + 2 > len) // AKA (len < 2)
+ return 0;
+
 // properties
 uint16_t propertiesLen = bufbe16toh (buf + offset); offset += 2;
 offset += propertiesLen; // skip for now. TODO: implement properties
diff --git a/libi2pd/NetDb.cpp b/libi2pd/NetDb.cpp
index 447eb873..d4af9014 100644
--- a/libi2pd/NetDb.cpp
+++ b/libi2pd/NetDb.cpp
@@ -922,6 +922,10 @@ namespace data
 else if(!m_FloodfillBootstrap)
 LogPrint (eLogWarning, "NetDb: Requested destination for ", key, " not found");
+ // All peers hashs in buffer?
+ if(msg->GetPayloadLength() < (size_t) (33 + num * 32))
+ return;
+
 // try responses
 for (int i = 0; i < num; i++)
 {
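Review bot: The guard added at the top of ReadStandardLS2TypeSpecificPart covers only the two-byte length field; `propertiesLen` is itself read from the buffer and added to `offset` two lines later with no comparison against `len` visible in this hunk. The function body continues outside the hunk, so a later check may exist, but validating at the skip keeps the check next to the arithmetic it protects: `if (propertiesLen > len - offset) return 0;` placed just before `offset += propertiesLen;`. The same applies to the identical hunk in ReadMetaLS2TypeSpecificPart. Since `offset` is still 0 at the new guard, the condition can be written as `len < 2` directly, with a short comment that returning 0 signals a parse failure (assumed here, as the caller is not shown).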
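Review bot: The length check in NetDb.cpp is placed after `num` is already in use, so the count was obtained earlier in the function (outside the hunk); if it is read from the message payload, as the `33 + num * 32` layout suggests, that read precedes any check that the payload holds the fixed 33 bytes. A guard such as `if (msg->GetPayloadLength () < 33) return;` ahead of that read would close the gap. The new early `return` is also silent, unlike the neighbouring branch that logs through `LogPrint (eLogWarning, ...)`; a warning such as `LogPrint (eLogWarning, "NetDb: Reply too short for ", num, " peer hashes");` would make truncated or malformed replies visible to operators. The literals 33 and 32 (presumably key plus count byte, and the per-peer hash size) would read better as named constants.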