From a1946c8fc87d70f6b7c2238256ec0a28e0e1f868 Mon Sep 17 00:00:00 2001
From: Ember <BeigeBox@users.noreply.github.com>
Date: Sun, 5 Apr 2026 17:53:52 -0700
Subject: [PATCH] Validate DMRD packet length before enqueuing

The received packet length was stored as unsigned char (max 255) and
used without validating it matches the expected 55-byte DMRD packet
size. Reject packets that don't match the expected length to prevent
stale data reads and silent truncation.
---
 DMRNetwork.cpp   | 2 +-
 MMDVMNetwork.cpp | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/DMRNetwork.cpp b/DMRNetwork.cpp
index 290f613..a524f77 100644
--- a/DMRNetwork.cpp
+++ b/DMRNetwork.cpp
@@ -366,7 +366,7 @@ void CDMRNetwork::clock(unsigned int ms)
 			if (m_debug)
 				CUtils::dump(1U, "Network Received", m_buffer, length);
 
-			if (m_enabled) {
+			if (m_enabled && length == HOMEBREW_DATA_PACKET_LENGTH) {
 				unsigned char len = length;
 				m_rxData.addData(&len, 1U);
 				m_rxData.addData(m_buffer, len);
diff --git a/MMDVMNetwork.cpp b/MMDVMNetwork.cpp
index 26ee39d..c2066c2 100644
--- a/MMDVMNetwork.cpp
+++ b/MMDVMNetwork.cpp
@@ -272,9 +272,11 @@ void CMMDVMNetwork::clock(unsigned int ms)
 		CUtils::dump(1U, "Network Received", m_buffer, length);
 
 	if (::memcmp(m_buffer, "DMRD", 4U) == 0) {
-		unsigned char len = length;
-		m_rxData.addData(&len, 1U);
-		m_rxData.addData(m_buffer, len);
+		if (length == HOMEBREW_DATA_PACKET_LENGTH) {
+			unsigned char len = length;
+			m_rxData.addData(&len, 1U);
+			m_rxData.addData(m_buffer, len);
+		}
 	} else if (::memcmp(m_buffer, "DMRG", 4U) == 0) {
 		if (length <= 50U) {
 			::memcpy(m_radioPositionData, m_buffer, length);