From c942aa06f930a28bcdea16d20f11744a4901cc71 Mon Sep 17 00:00:00 2001
From: Scott Powell <sqij@protonmail.com>
Date: Sat, 26 Apr 2025 11:05:13 +1000
Subject: [PATCH] * Packet::readFrom() payload_len guard

---
 src/Packet.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Packet.cpp b/src/Packet.cpp
index cb31638c..2d54ca45 100644
--- a/src/Packet.cpp
+++ b/src/Packet.cpp
@@ -52,6 +52,7 @@ bool Packet::readFrom(const uint8_t src[], uint8_t len) {
   memcpy(path, &src[i], path_len); i += path_len;
   if (i >= len) return false;   // bad encoding
   payload_len = len - i;
+  if (payload_len > sizeof(payload)) return false;  // bad encoding
   memcpy(payload, &src[i], payload_len); //i += payload_len;
   return true;   // success
 }