Filename truncation / ambiguity risk

[xayaank]

Current:
name_len = struct.unpack("!I", data[:4])[0]

relies on trusting first 4 bytes blindly

Problem:
No upper bound check before unpacking beyond MAX_NAME_LEN is good, but attacker can still craft huge valid int if MAX_NAME_LEN increases later