From e1d4b6adc7d00bb6d907d682ceeb03969866ee9d Mon Sep 17 00:00:00 2001 From: Outfluencer <48880402+Outfluencer@users.noreply.github.com> Date: Sat, 24 Aug 2024 12:27:05 +0200 Subject: [PATCH] #3731: Update cookie handling with vanilla limits and don't allow unrequested cookies --- .../java/net/md_5/bungee/protocol/packet/CookieResponse.java | 2 +- .../main/java/net/md_5/bungee/connection/InitialHandler.java | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/CookieResponse.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/CookieResponse.java index 77a541b6..24b1fa05 100644 --- a/protocol/src/main/java/net/md_5/bungee/protocol/packet/CookieResponse.java +++ b/protocol/src/main/java/net/md_5/bungee/protocol/packet/CookieResponse.java @@ -23,7 +23,7 @@ public class CookieResponse extends DefinedPacket public void read(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion) { cookie = readString( buf ); - data = readNullable( DefinedPacket::readArray, buf ); + data = readNullable( read -> DefinedPacket.readArray( read, 5120 ), buf ); } @Override diff --git a/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java b/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java index 413c8123..3bbf688b 100644 --- a/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java +++ b/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java @@ -716,6 +716,10 @@ public class InitialHandler extends PacketHandler implements PendingConnection throw CancelSendSignal.INSTANCE; } + + // if there is no userCon we can't have a connection to a backend server that could have requested this cookie + // which means that this cookie is invalid as the proxy also has not requested it + Preconditions.checkState( userCon != null, "not requested cookie received" ); } @Override