From 21dbb9d7ec89d6e339511e413837924fd7c92774 Mon Sep 17 00:00:00 2001
From: dernasherbrezon
Date: Sat, 24 Aug 2024 00:53:07 +0100
Subject: [PATCH] make sure invalid data won't allocate too much memory
---
 .../ru/r2cloud/jradio/ccsds/TransferFrameSecondaryHeader.java | 3 +++
 src/main/java/ru/r2cloud/jradio/eirsat/EirsatBeacon.java | 3 +++
 src/main/java/ru/r2cloud/jradio/netsat/NetSatBeacon.java | 3 +++
 3 files changed, 9 insertions(+)
diff --git a/src/main/java/ru/r2cloud/jradio/ccsds/TransferFrameSecondaryHeader.java b/src/main/java/ru/r2cloud/jradio/ccsds/TransferFrameSecondaryHeader.java
index 2653ff6e..79315f56 100644
--- a/src/main/java/ru/r2cloud/jradio/ccsds/TransferFrameSecondaryHeader.java
+++ b/src/main/java/ru/r2cloud/jradio/ccsds/TransferFrameSecondaryHeader.java
@@ -18,6 +18,9 @@ public TransferFrameSecondaryHeader() {
 public TransferFrameSecondaryHeader(BitInputStream bis) throws IOException {
 version = bis.readUnsignedInt(2);
 length = bis.readUnsignedInt(6);
+ if (length > bis.available()) {
+ throw new IOException("invalid length: " + length);
+ }
 payload = new byte[length];
 bis.readFully(payload);
 }
diff --git a/src/main/java/ru/r2cloud/jradio/eirsat/EirsatBeacon.java b/src/main/java/ru/r2cloud/jradio/eirsat/EirsatBeacon.java
index 7823fd22..7a7a6754 100644
--- a/src/main/java/ru/r2cloud/jradio/eirsat/EirsatBeacon.java
+++ b/src/main/java/ru/r2cloud/jradio/eirsat/EirsatBeacon.java
@@ -16,6 +16,9 @@ public class EirsatBeacon extends TransferFrame {
 @Override
 public void readBeacon(DataInputStream dis) throws IOException, UncorrectableException {
 if (getHeader().getFieldStatus().getFirstHeaderPointer() != 0) {
+ if (getHeader().getFieldStatus().getFirstHeaderPointer() > dis.available()) {
+ throw new UncorrectableException("invalid header offset: " + getHeader().getFieldStatus().getFirstHeaderPointer());
+ }
 byte[] payload = new byte[getHeader().getFieldStatus().getFirstHeaderPointer()];
 dis.readFully(payload);
 Packet partial = new Packet();
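Review bot: In the `TransferFrameSecondaryHeader(BitInputStream)` constructor the new guard compares `length`, which is used as a byte count in `new byte[length]`, against `bis.available()`, whose unit is not visible in this hunk. If `BitInputStream.available()` reports remaining bits rather than bytes, the check is up to eight times too permissive and a truncated frame still reaches `readFully`. Because `length` is read from a 6-bit field, the allocation is already capped at 63 bytes, so the benefit here is the early, explicit rejection rather than a memory bound. I would confirm the unit and record it next to the check, for example `// length is a byte count (6-bit field, max 63); available() must be in bytes too`.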
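Review bot: In `EirsatBeacon.readBeacon` the bound relies on `dis.available()`, which for a general `InputStream` is only an estimate of the bytes readable without blocking, not the bytes left in the frame. The check is sound if `dis` wraps an in-memory buffer, which this hunk does not show; on any other source it may return 0 and reject a valid frame, so the assumption deserves a comment at the check. The same applies to `ldis.available()` in `NetSatBeacon.readBeacon`. I would also read the pointer once, `int offset = getHeader().getFieldStatus().getFirstHeaderPointer();`, so the value that is checked, reported and allocated is visibly the same one. The body of `readBeacon` continues past the end of the hunk.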
diff --git a/src/main/java/ru/r2cloud/jradio/netsat/NetSatBeacon.java b/src/main/java/ru/r2cloud/jradio/netsat/NetSatBeacon.java
index 26ee7118..6c013d4f 100644
--- a/src/main/java/ru/r2cloud/jradio/netsat/NetSatBeacon.java
+++ b/src/main/java/ru/r2cloud/jradio/netsat/NetSatBeacon.java
@@ -43,6 +43,9 @@ public void readBeacon(byte[] data) throws IOException, UncorrectableException {
 if (compassHeader.getPayloadSize() == 53) {
 modelPacket = new ModelPacket(ldis);
 } else {
+ if (compassHeader.getPayloadSize() > ldis.available()) {
+ throw new UncorrectableException("invalid header size: " + compassHeader.getPayloadSize());
+ }
 unknownPayload = new byte[compassHeader.getPayloadSize()];
 ldis.readFully(unknownPayload);
 }
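Review bot: The new guard in the else branch of `NetSatBeacon.readBeacon` rejects only sizes above `ldis.available()`, so a negative `getPayloadSize()` passes it and `new byte[...]` then throws `NegativeArraySizeException`. That is an unchecked exception, which callers handling `IOException` or `UncorrectableException` will not catch. Whether the header can yield a negative value depends on how `compassHeader` parses the field, which is outside this hunk. If it is read as a signed integer, take `int size = compassHeader.getPayloadSize();` and tighten the check to `if (size < 0 || size > ldis.available()) {`. The same lower bound is worth confirming for the first-header-pointer check in `EirsatBeacon.readBeacon`; `readBeacon` here starts and ends outside the hunk.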