From a438707b375cc6f4f8ed9f35e6e2570aa2cd3df9 Mon Sep 17 00:00:00 2001
From: "Richard T. Carback III" <rick.carback@gmail.com>
Date: Thu, 21 Apr 2022 21:44:08 +0000
Subject: [PATCH] Don't accept mis-sized message payloads in the cmix send
 layer

---
 cmix/sendCmix.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/cmix/sendCmix.go b/cmix/sendCmix.go
index e7267460c..73dfcfbd2 100644
--- a/cmix/sendCmix.go
+++ b/cmix/sendCmix.go
@@ -62,12 +62,22 @@ func (c *client) Send(recipient *id.ID, fingerprint format.Fingerprint,
 			"Cannot send cmix message when the network is not healthy")
 	}
 
+	if len(payload) != c.maxMsgLen {
+		return 0, ephemeral.Id{}, errors.Errorf(
+			"bad message length (%d, need %d)",
+			len(payload), c.maxMsgLen)
+	}
+
 	// Build message. Will panic if inputs are not correct.
 	msg := format.NewMessage(c.session.GetCmixGroup().GetP().ByteLen())
-	msg.SetKeyFP(fingerprint)
 	msg.SetContents(payload)
-	msg.SetMac(mac)
+	msg.SetKeyFP(fingerprint)
 	msg.SetSIH(service.Hash(msg.GetContents()))
+	msg.SetMac(mac)
+
+	jww.TRACE.Printf("sendCmix Contents: %v, KeyFP: %v, MAC: %v, SIH: %v",
+		msg.GetContents(), msg.GetKeyFP(), msg.GetMac(),
+		msg.GetSIH())
 
 	if cmixParams.Critical {
 		c.crit.AddProcessing(msg, recipient, cmixParams)
-- 
GitLab