From 01471d6e637fd9958cfcbd7043d411aac19ac792 Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey <chjjeffrey@gmail.com>
Date: Wed, 27 Jul 2016 01:40:07 -0700
Subject: [PATCH] bip151: add minimum packet size.

---
 lib/bcoin/bip151.js | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/bcoin/bip151.js b/lib/bcoin/bip151.js
index 7646fe46..148612c7 100644
--- a/lib/bcoin/bip151.js
+++ b/lib/bcoin/bip151.js
@@ -289,7 +289,7 @@ BIP151Stream.prototype.verify = function verify(tag) {
  */
 
 BIP151Stream.prototype.feed = function feed(data) {
-  var chunk, payload, tag, p, cmd, body;
+  var chunk, size, payload, tag, p, cmd, body;
 
   while (data) {
     if (!this.hasHeader) {
@@ -305,18 +305,21 @@ BIP151Stream.prototype.feed = function feed(data) {
       this.pendingHeaderTotal = 0;
       this.pendingHeader.length = 0;
 
-      this.waiting = this.decryptSize(chunk) + 16;
+      size = this.decryptSize(chunk);
 
-      // Allow 3 batched packets of max message size.
+      // Allow 3 batched packets of max message size (12mb).
       // Not technically standard, but this protects us
       // from buffering tons of data due to either an
       // potential dos'er or a cipher state mismatch.
-      if (this.waiting - 32 > constants.MAX_MESSAGE * 3) {
-        this.waiting = 0;
-        this.emit('error', new Error('Packet too large.'));
+      // Note that 6 is the minimum size:
+      // cmd=varint(1) string(1) length(4) data(0)
+      if (size < 6 || size > constants.MAX_MESSAGE * 3) {
+        assert(this.waiting === 0);
+        this.emit('error', new Error('Bad packet size.'));
         continue;
       }
 
+      this.waiting = size + 16;
       this.hasHeader = true;
 
       data = chunk.slice(4);