From 624d84c68ace8683d1a854d6d68b95c453a0e0b8 Mon Sep 17 00:00:00 2001
From: Bryan Biedenkapp <gatekeep@gmail.com>
Date: Thu, 15 Jan 2026 14:42:52 -0500
Subject: [PATCH] validate the RPC data length includes the message;

---
 src/common/network/NetRPC.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/common/network/NetRPC.cpp b/src/common/network/NetRPC.cpp
index 3368d3ea..b34b10a6 100644
--- a/src/common/network/NetRPC.cpp
+++ b/src/common/network/NetRPC.cpp
@@ -98,6 +98,12 @@ void NetRPC::clock(uint32_t ms)
                 udp::Socket::address(address).c_str(), udp::Socket::port(address), rpcHeader.getFunction(), rpcHeader.getMessageLength());
         }
 
+        if (length < RPC_HEADER_LENGTH_BYTES + rpcHeader.getMessageLength()) {
+            LogError(LOG_NET, "NetRPC::clock(), message received from network is malformed! %u bytes != %u bytes", 
+                RPC_HEADER_LENGTH_BYTES + rpcHeader.getMessageLength(), length);
+            return;
+        }
+
         // copy message
         uint32_t messageLength = rpcHeader.getMessageLength();
         UInt8Array message = std::unique_ptr<uint8_t[]>(new uint8_t[messageLength]);