#3028: Add protocol level string length limits

2021-01-25 15:54:27 +11:00 · 2021-01-25 15:54:27 +11:00 · 3d701fbe0e
commit 3d701fbe0e
parent e95da11115
2 changed files with 15 additions and 4 deletions
--- a/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
@ -32,17 +32,28 @@ public abstract class DefinedPacket
    }

    public static String readString(ByteBuf buf)
+    {
+        return readString( buf, Short.MAX_VALUE );
+    }
+
+    public static String readString(ByteBuf buf, int maxLen)
    {
        int len = readVarInt( buf );
-        if ( len > Short.MAX_VALUE )
+        if ( len > maxLen * 4 )
        {
-            throw new OverflowPacketException( String.format( "Cannot receive string longer than Short.MAX_VALUE (got %s characters)", len ) );
+            throw new OverflowPacketException( String.format( "Cannot receive string longer than %d (got %d bytes)", maxLen * 4, len ) );
        }

        byte[] b = new byte[ len ];
        buf.readBytes( b );

-        return new String( b, Charsets.UTF_8 );
+        String s = new String( b, Charsets.UTF_8 );
+        if ( s.length() > maxLen )
+        {
+            throw new OverflowPacketException( String.format( "Cannot receive string longer than %d (got %d characters)", maxLen, s.length() ) );
+        }
+
+        return s;
    }

    public static void writeArray(byte[] b, ByteBuf buf)
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/LoginRequest.java
@ -24,7 +24,7 @@ public class LoginRequest extends DefinedPacket
    @Override
    public void read(ByteBuf buf)
    {
-        data = readString( buf );
+        data = readString( buf, 16 );
    }

    @Override