From 26eeea68e971db812893c63499047e6606e76cce Mon Sep 17 00:00:00 2001
From: Federico Cecchetto <fedecek3@gmail.com>
Date: Thu, 10 Mar 2022 22:12:56 +0100
Subject: [PATCH] Check msg size in command handling

---
 src/client/component/auth.cpp    | 2 +-
 src/client/component/network.cpp | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/client/component/auth.cpp b/src/client/component/auth.cpp
index 5e34fa2..7fa5f0d 100644
--- a/src/client/component/auth.cpp
+++ b/src/client/component/auth.cpp
@@ -121,7 +121,7 @@ namespace auth
 			const auto offset = sizeof("connect") + 4;
 
 			proto::network::connect_info info;
-			if (!info.ParseFromArray(msg->data + offset, msg->cursize - offset))
+			if (msg->cursize < offset || !info.ParseFromArray(msg->data + offset, msg->cursize - offset))
 			{
 				network::send(*from, "error", "Invalid connect data!", '\n');
 				return;
diff --git a/src/client/component/network.cpp b/src/client/component/network.cpp
index f8c499c..dfacac2 100644
--- a/src/client/component/network.cpp
+++ b/src/client/component/network.cpp
@@ -24,12 +24,12 @@ namespace network
 			const auto cmd_string = utils::string::to_lower(command);
 			auto& callbacks = get_callbacks();
 			const auto handler = callbacks.find(cmd_string);
-			if (handler == callbacks.end())
+			const auto offset = cmd_string.size() + 5;
+			if (message->cursize < offset || handler == callbacks.end())
 			{
 				return false;
 			}
 
-			const auto offset = cmd_string.size() + 5;
 			const std::string_view data(message->data + offset, message->cursize - offset);
 
 			handler->second(*address, data);