#3028: Add protocol level string length limits

This commit is contained in:
md_5 2021-01-25 15:54:27 +11:00
parent e95da11115
commit 3d701fbe0e
No known key found for this signature in database
GPG Key ID: E8E901AC7C617C11
2 changed files with 15 additions and 4 deletions

View File

@ -32,17 +32,28 @@ public abstract class DefinedPacket
}
public static String readString(ByteBuf buf)
{
return readString( buf, Short.MAX_VALUE );
}
public static String readString(ByteBuf buf, int maxLen)
{
int len = readVarInt( buf );
if ( len > Short.MAX_VALUE )
if ( len > maxLen * 4 )
{
throw new OverflowPacketException( String.format( "Cannot receive string longer than Short.MAX_VALUE (got %s characters)", len ) );
throw new OverflowPacketException( String.format( "Cannot receive string longer than %d (got %d bytes)", maxLen * 4, len ) );
}
byte[] b = new byte[ len ];
buf.readBytes( b );
return new String( b, Charsets.UTF_8 );
String s = new String( b, Charsets.UTF_8 );
if ( s.length() > maxLen )
{
throw new OverflowPacketException( String.format( "Cannot receive string longer than %d (got %d characters)", maxLen, s.length() ) );
}
return s;
}
public static void writeArray(byte[] b, ByteBuf buf)

View File

@ -24,7 +24,7 @@ public class LoginRequest extends DefinedPacket
@Override
public void read(ByteBuf buf)
{
data = readString( buf );
data = readString( buf, 16 );
}
@Override