#3731: Update cookie handling with vanilla limits and don't allow unrequested cookies

2024-08-24 12:27:05 +02:00 · 2024-08-24 12:27:05 +02:00 · e1d4b6adc7
commit e1d4b6adc7
parent 534148763f
2 changed files with 5 additions and 1 deletions
--- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/CookieResponse.java
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/CookieResponse.java
@ -23,7 +23,7 @@ public class CookieResponse extends DefinedPacket
    public void read(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion)
    {
        cookie = readString( buf );
-        data = readNullable( DefinedPacket::readArray, buf );
+        data = readNullable( read -> DefinedPacket.readArray( read, 5120 ), buf );
    }

    @Override
--- a/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java
+++ b/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java
@ -716,6 +716,10 @@ public class InitialHandler extends PacketHandler implements PendingConnection

            throw CancelSendSignal.INSTANCE;
        }
+
+        // if there is no userCon we can't have a connection to a backend server that could have requested this cookie
+        // which means that this cookie is invalid as the proxy also has not requested it
+        Preconditions.checkState( userCon != null, "not requested cookie received" );
    }

    @Override