From 31c3c2f924d07c04d487a845539052c0d8576fb4 Mon Sep 17 00:00:00 2001
From: vis2k
Date: Wed, 25 Nov 2020 21:40:55 +0800
Subject: [PATCH] Telepathy: Common.ReadMessageBlocking: log warning instead of logging OverflowException if size header is negative
---
 Assets/Mirror/Runtime/Transport/Telepathy/Common.cs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/Assets/Mirror/Runtime/Transport/Telepathy/Common.cs b/Assets/Mirror/Runtime/Transport/Telepathy/Common.cs
index e41a4c8fb..9f716097b 100644
--- a/Assets/Mirror/Runtime/Transport/Telepathy/Common.cs
+++ b/Assets/Mirror/Runtime/Transport/Telepathy/Common.cs
@@ -133,13 +133,15 @@ protected static bool ReadMessageBlocking(NetworkStream stream, int MaxMessageSi
 // protect against allocation attacks. an attacker might send
 // multiple fake '2GB header' packets in a row, causing the server
 // to allocate multiple 2GB byte arrays and run out of memory.
- if (size <= MaxMessageSize)
+ //
+ // also protect against size <= 0 which would cause issues
+ if (size > 0 && size <= MaxMessageSize)
 {
 // read exactly 'size' bytes for content (blocking)
 content = new byte[size];
 return stream.ReadExactly(content, size);
 }
- Logger.LogWarning("ReadMessageBlocking: possible allocation attack with a header of: " + size + " bytes.");
+ Logger.LogWarning("ReadMessageBlocking: possible header attack with a header of: " + size + " bytes.");
 return false;
 }
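Review bot: The single warning after the guard now covers two different rejections, a non-positive size and a size above MaxMessageSize, and "possible header attack with a header of: N bytes" does not tell whoever triages the log which bound was violated. Including the limit would make the line self-explanatory, for example `Logger.LogWarning("ReadMessageBlocking: rejected size header of " + size + " bytes (allowed: 1.." + MaxMessageSize + ").");`. The new condition `size > 0` also rejects a zero-length message, which the commit subject (negative header only) does not mention; if empty messages are meant to be invalid, the added comment could say so explicitly, e.g. `// size == 0 is rejected too: empty messages are not valid`. The body of ReadMessageBlocking starts outside the hunk, so how size is decoded from the header bytes is not visible here.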