From 1aba9220a3f59a67b7cf2aefd97c8b3bb495b037 Mon Sep 17 00:00:00 2001
From: zzz
Date: Sat, 25 Apr 2026 10:15:08 -0400
Subject: [PATCH] I2CP: Add missing max length check on alternate readMessage() path reported by: bottomlineit.co.za
---
 core/java/src/net/i2p/data/i2cp/I2CPMessageImpl.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/core/java/src/net/i2p/data/i2cp/I2CPMessageImpl.java b/core/java/src/net/i2p/data/i2cp/I2CPMessageImpl.java
index f11bbfdb3..a5d9f32d4 100644
--- a/core/java/src/net/i2p/data/i2cp/I2CPMessageImpl.java
+++ b/core/java/src/net/i2p/data/i2cp/I2CPMessageImpl.java
@@ -35,13 +35,14 @@ public abstract class I2CPMessageImpl implements I2CPMessage {
 * @throws IOException
 */
 public void readMessage(InputStream in) throws I2CPMessageException, IOException {
- int length = 0;
+ int length;
 try {
 length = (int) DataHelper.readLong(in, 4);
 } catch (DataFormatException dfe) {
 throw new I2CPMessageException("Error reading the length bytes", dfe);
 }
- if (length < 0) throw new I2CPMessageException("Invalid message length specified");
+ if (length > I2CPMessageHandler.MAX_LENGTH)
+ throw new I2CPMessageException("Invalid message length specified");
 int type = in.read();
 if (type < 0) throw new EOFException();
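Review bot: The new upper-bound test replaces the old `if (length < 0)` guard instead of joining it, so readMessage(InputStream) no longer rejects a negative length. The value comes from `(int) DataHelper.readLong(in, 4)`; a four-byte length field with its high bit set would presumably turn negative after the cast and then pass `length > I2CPMessageHandler.MAX_LENGTH`. Keeping both bounds in one condition closes that gap: `if (length < 0 || length > I2CPMessageHandler.MAX_LENGTH)`. The rest of the method body lies outside the hunk, so whether a later step rejects negative lengths cannot be confirmed from here; a one-line comment such as `// length is peer-supplied; reject negative and oversized values before reading the payload` would record why both bounds are checked.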