#3377: Add additional checks for protocol length limits

Outfluencer 2022-08-16 11:26:33 +02:00 committed by GitHub
parent 696315615d
commit 5cdba87b87
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 20 additions and 11 deletions


@ -21,12 +21,22 @@ public abstract class DefinedPacket
public static void writeString(String s, ByteBuf buf) public static void writeString(String s, ByteBuf buf)
{ {
if ( s.length() > Short.MAX_VALUE ) writeString( s, buf, Short.MAX_VALUE );
}
public static void writeString(String s, ByteBuf buf, int maxLength)
{ {
throw new OverflowPacketException( "Cannot send string longer than Short.MAX_VALUE (got " + s.length() + " characters)" ); if ( s.length() > maxLength )
{
throw new OverflowPacketException( "Cannot send string longer than " + maxLength + " (got " + s.length() + " characters)" );
} }
byte[] b = s.getBytes( Charsets.UTF_8 ); byte[] b = s.getBytes( Charsets.UTF_8 );
if ( b.length > maxLength * 3 )
{
throw new OverflowPacketException( "Cannot send string longer than " + ( maxLength * 3 ) + " (got " + b.length + " bytes)" );
}
writeVarInt( b.length, buf ); writeVarInt( b.length, buf );
buf.writeBytes( b ); buf.writeBytes( b );
} }
@ -39,15 +49,14 @@ public abstract class DefinedPacket
public static String readString(ByteBuf buf, int maxLen) public static String readString(ByteBuf buf, int maxLen)
{ {
int len = readVarInt( buf ); int len = readVarInt( buf );
if ( len > maxLen * 4 ) if ( len > maxLen * 3 )
{ {
throw new OverflowPacketException( "Cannot receive string longer than " + maxLen * 4 + " (got " + len + " bytes)" ); throw new OverflowPacketException( "Cannot receive string longer than " + maxLen * 3 + " (got " + len + " bytes)" );
} }
byte[] b = new byte[ len ]; String s = buf.toString( buf.readerIndex(), len, Charsets.UTF_8 );
buf.readBytes( b ); buf.readerIndex( buf.readerIndex() + len );
String s = new String( b, Charsets.UTF_8 );
if ( s.length() > maxLen ) if ( s.length() > maxLen )
{ {
throw new OverflowPacketException( "Cannot receive string longer than " + maxLen + " (got " + s.length() + " characters)" ); throw new OverflowPacketException( "Cannot receive string longer than " + maxLen + " (got " + s.length() + " characters)" );
@ -275,7 +284,7 @@ public abstract class DefinedPacket
{ {
if ( buf.readBoolean() ) if ( buf.readBoolean() )
{ {
return new PlayerPublicKey( buf.readLong(), readArray( buf ), readArray( buf ) ); return new PlayerPublicKey( buf.readLong(), readArray( buf, 512 ), readArray( buf, 4096 ) );
} }
return null; return null;
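Review bot: In readString the tightened bound `len > maxLen * 3` still lets a negative `len` from readVarInt through, so a malformed length prefix reaches `buf.toString( buf.readerIndex(), len, Charsets.UTF_8 )` and is presumably rejected only by the buffer's own index checks rather than by an OverflowPacketException. Extending the guard to `if ( len < 0 || len > maxLen * 3 || len > buf.readableBytes() )` would fail on the protocol-limit path before any decoding is attempted. Separately, `maxLen * 3` here and `maxLength * 3` in writeString are plain int multiplications, so a very large caller-supplied limit would wrap; the limits visible in this commit do not reach that, but a short comment stating the assumption would help. The body of readString continues past the end of the hunk.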


@ -54,7 +54,7 @@ public class Chat extends DefinedPacket
@Override @Override
public void write(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) public void write(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion)
{ {
writeString( message, buf ); writeString( message, buf, ( direction == ProtocolConstants.Direction.TO_CLIENT ) ? 262144 : ( protocolVersion >= ProtocolConstants.MINECRAFT_1_11 ? 256 : 100 ) );
if ( direction == ProtocolConstants.Direction.TO_CLIENT ) if ( direction == ProtocolConstants.Direction.TO_CLIENT )
{ {
buf.writeByte( position ); buf.writeByte( position );
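Review bot: The limit passed to writeString in Chat.write is a nested ternary over three bare literals (262144, 256, 100), and 262144 is repeated in the ServerData and SystemChat sections. Named constants, for example `private static final int MAX_CHAT_TO_CLIENT = 262144;`, would make the intent reviewable and make it easier to keep these write limits in step with whatever the matching read() methods enforce, which are not visible here. A one-line comment that the limits count UTF-16 characters rather than bytes would also help, since writeString checks `s.length()` against the limit and bounds the encoded bytes only by `maxLength * 3`.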


@ -47,7 +47,7 @@ public class ServerData extends DefinedPacket
if ( motd != null ) if ( motd != null )
{ {
buf.writeBoolean( true ); buf.writeBoolean( true );
writeString( motd, buf ); writeString( motd, buf, 262144 );
} else } else
{ {
buf.writeBoolean( false ); buf.writeBoolean( false );


@ -30,7 +30,7 @@ public class SystemChat extends DefinedPacket
@Override @Override
public void write(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) public void write(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion)
{ {
writeString( message, buf ); writeString( message, buf, 262144 );
if ( protocolVersion >= ProtocolConstants.MINECRAFT_1_19_1 ) if ( protocolVersion >= ProtocolConstants.MINECRAFT_1_19_1 )
{ {
buf.writeBoolean( position == ChatMessageType.ACTION_BAR.ordinal() ); buf.writeBoolean( position == ChatMessageType.ACTION_BAR.ordinal() );