From 540e924bfbc2e8f35b2141113c94fa4cf37d9367 Mon Sep 17 00:00:00 2001
From: Thinkofname
Date: Mon, 28 Mar 2016 21:06:53 +0100
Subject: [PATCH] Add limits to byte arrays and string lists
---
 .../java/net/md_5/bungee/protocol/DefinedPacket.java | 12 +++++++++++-
 .../bungee/protocol/packet/EncryptionResponse.java | 4 ++--
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java b/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
index 7eec240f..c4deabe4 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java
@@ -35,19 +35,28 @@ public abstract class DefinedPacket

 public static void writeArray(byte[] b, ByteBuf buf)
 {
+ Preconditions.checkArgument( b.length <= Short.MAX_VALUE, "Cannot send byte array longer than Short.MAX_VALUE (got %s bytes)", b.length );
 writeVarInt( b.length, buf );
 buf.writeBytes( b );
 }

 public static byte[] readArray(ByteBuf buf)
 {
- byte[] ret = new byte[ readVarInt( buf ) ];
+ return readArray( buf, Short.MAX_VALUE );
+ }
+
+ public static byte[] readArray(ByteBuf buf, int limit)
+ {
+ int len = readVarInt( buf );
+ Preconditions.checkArgument( len <= limit, "Cannot receive byte array longer than %d (got %s bytes)", limit, len );
+ byte[] ret = new byte[ len ];
 buf.readBytes( ret );
 return ret;
 }

 public static void writeStringArray(List s, ByteBuf buf)
 {
+ Preconditions.checkArgument( s.size() <= 64, "Cannot send string array longer than 64 (got %s strings)", s.size() );
 writeVarInt( s.size(), buf );
 for ( String str : s )
 {
@@ -58,6 +67,7 @@ public abstract class DefinedPacket
 public static List readStringArray(ByteBuf buf)
 {
 int len = readVarInt( buf );
+ Preconditions.checkArgument( len <= 64, "Cannot receive string array longer than 64 (got %s strings)", len );
 List ret = new ArrayList<>( len );
 for ( int i = 0; i < len; i++ )
 {
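Review bot: The new `readArray(ByteBuf buf, int limit)` checks only the upper bound, so if `readVarInt` can return a negative value (its body is not in this patch) that length passes `len <= limit` and reaches `new byte[ len ]`, failing with NegativeArraySizeException rather than the intended argument check; `readStringArray` in the next hunk has the same gap before `new ArrayList<>( len )`. The message also uses `%d`, which Guava's `Preconditions` does not substitute (assuming that is the class imported here; it recognises only `%s`), so the limit would land in the "got" slot and the real length would be appended in brackets. I would write `Preconditions.checkArgument( len >= 0 && len <= limit, "Cannot receive byte array longer than %s (got %s bytes)", limit, len );`. Comparing `len` with `buf.readableBytes()` before allocating would additionally reject a truncated packet without allocating for it.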
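Review bot: The cap of 64 in `readStringArray` is a bare literal repeated in the check and in its message, and again in `writeStringArray` in the previous hunk, so the send and receive sides can drift apart on a later edit. A shared constant would keep them in step, for example `private static final int MAX_STRING_ARRAY_LENGTH = 64;`, passed to the message as a `%s` argument. Note that the cap bounds only the element count; the size of each element depends on how the strings are read in the loop body, which continues past the end of this hunk.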
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java
index 1e6d8826..0110630d 100644
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/EncryptionResponse.java
@@ -22,8 +22,8 @@ public class EncryptionResponse extends DefinedPacket
 @Override
 public void read(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion)
 {
- sharedSecret = readArray( buf );
- verifyToken = readArray( buf );
+ sharedSecret = readArray( buf, 256 );
+ verifyToken = readArray( buf, 256 );
 }

 @Override
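Review bot: The limit `256` passed to both `readArray` calls in `read()` is unexplained; it presumably bounds the encrypted shared secret and verify token received from the peer, but nothing in the hunk says what it is derived from. A named constant or a one-line comment such as `// upper bound on the encrypted shared secret / verify token; must cover the key size in use` would let a reviewer check the value if the handshake key size ever changes. Since both fields share the bound, a single constant used in both calls would also keep them from diverging.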