From 969695f318e4a96535f3e2109c828d6ea6085c0a Mon Sep 17 00:00:00 2001
From: orignal
Date: Tue, 21 Apr 2015 18:59:35 -0400
Subject: [PATCH] check garlic clove length
---
 Garlic.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/Garlic.cpp b/Garlic.cpp
index 113aaa8d..261619eb 100644
--- a/Garlic.cpp
+++ b/Garlic.cpp
@@ -461,6 +461,7 @@ namespace garlic
 void GarlicDestination::HandleGarlicPayload (uint8_t * buf, size_t len, std::shared_ptr from)
 {
+ const uint8_t * buf1 = buf;
 int numCloves = buf[0];
 LogPrint (numCloves," cloves");
 buf++;
@@ -518,6 +519,11 @@ namespace garlic
 buf += 4; // CloveID
 buf += 8; // Date
 buf += 3; // Certificate
+ if (buf - buf1 > (int)len)
+ {
+ LogPrint (eLogError, "Gralic clove is too long");
+ break;
+ }
 }
 }
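Review bot: `buf[0]` is still read on the line right after the new `buf1`, with no check that `len` is at least 1, so an empty payload is dereferenced before the length check this commit adds can run. A guard such as `if (len < 1) return;` ahead of `int numCloves = buf[0];` would close that, unless every caller already guarantees a non-empty buffer (not visible here). The name `buf1` says little; something like `payloadStart` would make the later `buf - buf1` comparison self-explanatory. The function body continues outside this hunk.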
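Review bot: The new bounds check sits at the end of the loop iteration, after `buf` has already been advanced past CloveID, Date and Certificate, so it detects an overrun only after the fact; whatever the earlier part of the iteration (outside this hunk) read from an over-long clove has presumably already been read past `len`. The remaining length should be validated before each field is consumed rather than after. The cast `(int)len` can truncate a large `size_t`; compare in one unsigned type instead, `if (static_cast<size_t>(buf - buf1) > len)`. The log text misspells "Garlic" as "Gralic", which makes the event harder to find when searching logs for malformed-clove errors.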