#3377: Add additional checks for protocol length limits

protocol/src/main/java/net/md_5/bungee/protocol/DefinedPacket.java

@@ -21,12 +21,22 @@ public abstract class DefinedPacket
 
     public static void writeString(String s, ByteBuf buf)
     {
-        if ( s.length() > Short.MAX_VALUE )
+        writeString( s, buf, Short.MAX_VALUE );
+    }
+
+    public static void writeString(String s, ByteBuf buf, int maxLength)
+    {
+        if ( s.length() > maxLength )
         {
-            throw new OverflowPacketException( "Cannot send string longer than Short.MAX_VALUE (got " + s.length() + " characters)" );
+            throw new OverflowPacketException( "Cannot send string longer than " + maxLength + " (got " + s.length() + " characters)" );
         }
 
         byte[] b = s.getBytes( Charsets.UTF_8 );
+        if ( b.length > maxLength * 3 )
+        {
+            throw new OverflowPacketException( "Cannot send string longer than " + ( maxLength * 3 ) + " (got " + b.length + " bytes)" );
+        }
+
         writeVarInt( b.length, buf );
         buf.writeBytes( b );
     }
@@ -39,15 +49,14 @@ public abstract class DefinedPacket
     public static String readString(ByteBuf buf, int maxLen)
     {
         int len = readVarInt( buf );
-        if ( len > maxLen * 4 )
+        if ( len > maxLen * 3 )
         {
-            throw new OverflowPacketException( "Cannot receive string longer than " + maxLen * 4 + " (got " + len + " bytes)" );
+            throw new OverflowPacketException( "Cannot receive string longer than " + maxLen * 3 + " (got " + len + " bytes)" );
         }
 
-        byte[] b = new byte[ len ];
+        String s = buf.toString( buf.readerIndex(), len, Charsets.UTF_8 );
-        buf.readBytes( b );
+        buf.readerIndex( buf.readerIndex() + len );
 
-        String s = new String( b, Charsets.UTF_8 );
         if ( s.length() > maxLen )
         {
             throw new OverflowPacketException( "Cannot receive string longer than " + maxLen + " (got " + s.length() + " characters)" );
@@ -275,7 +284,7 @@ public abstract class DefinedPacket
     {
         if ( buf.readBoolean() )
         {
-            return new PlayerPublicKey( buf.readLong(), readArray( buf ), readArray( buf ) );
+            return new PlayerPublicKey( buf.readLong(), readArray( buf, 512 ), readArray( buf, 4096 ) );
         }
 
         return null;

protocol/src/main/java/net/md_5/bungee/protocol/packet/Chat.java

@@ -54,7 +54,7 @@ public class Chat extends DefinedPacket
     @Override
     public void write(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion)
     {
-        writeString( message, buf );
+        writeString( message, buf, ( direction == ProtocolConstants.Direction.TO_CLIENT ) ? 262144 : ( protocolVersion >= ProtocolConstants.MINECRAFT_1_11 ? 256 : 100 ) );
         if ( direction == ProtocolConstants.Direction.TO_CLIENT )
         {
             buf.writeByte( position );

protocol/src/main/java/net/md_5/bungee/protocol/packet/ServerData.java

@@ -47,7 +47,7 @@ public class ServerData extends DefinedPacket
         if ( motd != null )
         {
             buf.writeBoolean( true );
-            writeString( motd, buf );
+            writeString( motd, buf, 262144 );
         } else
         {
             buf.writeBoolean( false );

protocol/src/main/java/net/md_5/bungee/protocol/packet/SystemChat.java

@@ -30,7 +30,7 @@ public class SystemChat extends DefinedPacket
     @Override
     public void write(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion)
     {
-        writeString( message, buf );
+        writeString( message, buf, 262144 );
         if ( protocolVersion >= ProtocolConstants.MINECRAFT_1_19_1 )
         {
             buf.writeBoolean( position == ChatMessageType.ACTION_BAR.ordinal() );