From 3d701fbe0ec690d83c10487c57e7dbff353fb0d7 Mon Sep 17 00:00:00 2001
From: md_5 <git@md-5.net>
Date: Mon, 25 Jan 2021 15:54:27 +1100
Subject: [PATCH] #3028: Add protocol level string length limits

---
 .../net/md_5/bungee/protocol/DefinedPacket.java | 17 ++++++++++++++---
 .../bungee/protocol/packet/LoginRequest.java    |  2 +-
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java b/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
index f4470588..0cef9430 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
@@ -32,17 +32,28 @@ public abstract class DefinedPacket
     }
 
     public static String readString(ByteBuf buf)
+    {
+        return readString( buf, Short.MAX_VALUE );
+    }
+
+    public static String readString(ByteBuf buf, int maxLen)
     {
         int len = readVarInt( buf );
-        if ( len > Short.MAX_VALUE )
+        if ( len > maxLen * 4 )
         {
-            throw new OverflowPacketException( String.format( "Cannot receive string longer than Short.MAX_VALUE (got %s characters)", len ) );
+            throw new OverflowPacketException( String.format( "Cannot receive string longer than %d (got %d bytes)", maxLen * 4, len ) );
         }
 
         byte[] b = new byte[ len ];
         buf.readBytes( b );
 
-        return new String( b, Charsets.UTF_8 );
+        String s = new String( b, Charsets.UTF_8 );
+        if ( s.length() > maxLen )
+        {
+            throw new OverflowPacketException( String.format( "Cannot receive string longer than %d (got %d characters)", maxLen, s.length() ) );
+        }
+
+        return s;
     }
 
     public static void writeArray(byte[] b, ByteBuf buf)
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
index 32ba098c..a691f962 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
@@ -24,7 +24,7 @@ public class LoginRequest extends DefinedPacket
     @Override
     public void read(ByteBuf buf)
     {
-        data = readString( buf );
+        data = readString( buf, 16 );
     }
 
     @Override