1 files changed, 10 insertions, 2 deletions

diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c
index 863289aae..6f70720ba 100644
--- a/src/revocation/gnunet-service-revocation.c
+++ b/src/revocation/gnunet-service-revocation.c
@@ -306,12 +306,19 @@ publicize_rm (const struct RevokeMessage *rm)
   struct RevokeMessage *cp;
   struct GNUNET_HashCode hc;
   struct GNUNET_SETU_Element e;
+  ssize_t pklen;
   const struct GNUNET_IDENTITY_PublicKey *pk;
 
   struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1];
   pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
+  pklen = GNUNET_IDENTITY_key_get_length (pk);
+  if (0 > pklen)
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
   GNUNET_CRYPTO_hash (pk,
-                      GNUNET_IDENTITY_key_get_length (pk),
+                      pklen,
                       &hc);
   if (GNUNET_YES ==
       GNUNET_CONTAINER_multihashmap_contains (revocation_map,
@@ -384,7 +391,8 @@ check_revoke_message (void *cls,
   uint16_t size;
 
   size = ntohs (rm->header.size);
-  if (size <= sizeof(struct RevokeMessage))
+  if (size <= sizeof(struct RevokeMessage) ||
+      (size > UINT16_MAX))
   {
     GNUNET_break (0);
     return GNUNET_SYSERR;