Also check max length.

clementine-player · Nov 25, 2014 · 4ca0894 · 4ca0894
1 parent 073c54a
commit 4ca0894
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/app/src/de/qspool/clementineremote/backend/ClementineSimpleConnection.java b/app/src/de/qspool/clementineremote/backend/ClementineSimpleConnection.java
@@ -96,7 +96,8 @@ public ClementineMessage getProtoc() {
             // Read the data and return it
             mSocket.setSoTimeout(3000);
             int len = mIn.readInt();
-            if (len < 0) {
+            // Check length. If it is less zero or more than 50mb it's very likely we got invalid data
+            if (len < 0 || len > 52428800) {
                 throw new IOException("Invalid data length");
             }
             byte[] data = new byte[len];