From 2889867c4c6a73ab2d5d5eb5955ad21a2c44f646 Mon Sep 17 00:00:00 2001
From: Scott Powell <sqij@protonmail.com>
Date: Sat, 8 Mar 2025 19:38:36 +1100
Subject: [PATCH] * Dispatcher: added guard for packet payload size too large

---
 src/Dispatcher.cpp | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/Dispatcher.cpp b/src/Dispatcher.cpp
index 3c351eb7..b9da0e65 100644
--- a/src/Dispatcher.cpp
+++ b/src/Dispatcher.cpp
@@ -106,10 +106,16 @@ void Dispatcher::checkRecv() {
           memcpy(pkt->path, &raw[i], pkt->path_len); i += pkt->path_len;
 
           pkt->payload_len = len - i;  // payload is remainder
-          memcpy(pkt->payload, &raw[i], pkt->payload_len);
+          if (pkt->payload_len > sizeof(pkt->payload)) {
+            MESH_DEBUG_PRINTLN("%s Dispatcher::checkRecv(): packet payload too big, payload_len=%d", getLogDateTime(), (uint32_t)pkt->payload_len);
+            _mgr->free(pkt);  // put back into pool
+            pkt = NULL;  
+          } else {
+            memcpy(pkt->payload, &raw[i], pkt->payload_len);
 
-          score = _radio->packetScore(_radio->getLastSNR(), len);
-          air_time = _radio->getEstAirtimeFor(len);
+            score = _radio->packetScore(_radio->getLastSNR(), len);
+            air_time = _radio->getEstAirtimeFor(len);
+          }
         }
       }
     } else {