From a9af8713bc1f5bd1b50e1b6b0a2dd32889e57be4 Mon Sep 17 00:00:00 2001
From: dongresource
Date: Sun, 12 Mar 2023 01:45:18 +0100
Subject: [PATCH] Reject network messages too small for the packet size field
---
 src/core/CNProtocol.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/core/CNProtocol.cpp b/src/core/CNProtocol.cpp
index bfe0ad3..6b120fb 100644
--- a/src/core/CNProtocol.cpp
+++ b/src/core/CNProtocol.cpp
@@ -246,9 +246,10 @@ void CNSocket::step() {
 if (readSize <= 0) {
 // we aren't reading a packet yet, try to start looking for one
 int recved = recv(sock, (buffer_t*)readBuffer, sizeof(int32_t), 0);
- if (recved == 0) {
- // the socket was closed normally
+ if (recved >= 0 && recved < sizeof(int32_t)) {
+ // too little data for readSize or the socket was closed normally (when 0 bytes were read)
 kill();
+ return;
 } else if (!SOCKETERROR(recved)) {
 // we got our packet size!!!!
 readSize = *((int32_t*)readBuffer);
@@ -269,11 +270,12 @@ void CNSocket::step() {
 }

 if (readSize > 0 && readBufferIndex < readSize) {
- // read until the end of the packet! (or at least try too)
+ // read until the end of the packet (or at least try to)
 int recved = recv(sock, (buffer_t*)(readBuffer + readBufferIndex), readSize - readBufferIndex, 0);
 if (recved == 0) {
 // the socket was closed normally
 kill();
+ return;
 } else if (!SOCKETERROR(recved))
 readBufferIndex += recved;
 else if (OF_ERRNO != OF_EWOULD) {
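Review bot: The new condition `recved >= 0 && recved < sizeof(int32_t)` also disconnects a peer whose 4-byte size field arrives split across TCP segments, because a 1–3 byte result is a legal outcome of recv() on a stream socket. If dropping such connections is the intended policy, the comment should say so, for example `// a partial size field is treated as a protocol violation; partial headers are not buffered`. The comparison mixes `int` with `size_t` and is correct only because the `recved >= 0` test is evaluated first; `recved < (int)sizeof(int32_t)` stays correct regardless of ordering and avoids a sign-compare warning. The value then loaded by `readSize = *((int32_t*)readBuffer);` is peer-controlled, and any range check on it lies outside this hunk, as does the rest of step().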
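Review bot: The length passed to recv() in this hunk, `readSize - readBufferIndex`, is safe only if readSize was bounded against the capacity of readBuffer when the size field was parsed, and that check is not visible in either hunk. If it exists in the lines between the two hunks, a short comment at this call such as `// readSize was validated against the buffer capacity when the size field was read` would make the invariant explicit; if it does not, it is needed before this read. The braceless `else if (!SOCKETERROR(recved))` branch sits between two braced branches and would be less error-prone with braces now that its siblings carry a `return;`. The if/else chain continues past the end of the hunk, so whether the final error branch also returns after kill() cannot be confirmed from here.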