From 517cf93fbd1c97a9909c6643601c8592553966bd Mon Sep 17 00:00:00 2001
From: David Barksdale <amatus@amat.us>
Date: Fri, 22 Dec 2017 14:54:30 -0600
Subject: [PATCH] Check for invalid path_length

---
 src/cadet/gnunet-service-cadet_core.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/cadet/gnunet-service-cadet_core.c b/src/cadet/gnunet-service-cadet_core.c
index ae03b4f35..a67bbf445 100644
--- a/src/cadet/gnunet-service-cadet_core.c
+++ b/src/cadet/gnunet-service-cadet_core.c
@@ -771,6 +771,12 @@ handle_connection_create (void *cls,
 
   options = (enum GNUNET_CADET_ChannelOption) ntohl (msg->options);
   path_length = size / sizeof (struct GNUNET_PeerIdentity);
+  if (0 == path_length)
+  {
+    /* bogus request */
+    GNUNET_break_op (0);
+    return;
+  }
   /* Initiator is at offset 0. */
   for (off=1;off<path_length;off++)
     if (0 == memcmp (&my_full_id,
-- 
2.25.1