3
0
Mirror von https://github.com/PaperMC/Velocity.git synchronisiert 2024-12-24 23:30:26 +01:00

Strictly limit the hostname size and limit it to ASCII characters only

Dieser Commit ist enthalten in:
Andrew Steinborn 2021-01-29 17:56:50 -05:00
Ursprung 4219bf7b09
Commit 4f6d238b39
2 geänderte Dateien mit 26 neuen und 2 gelöschten Zeilen

Datei anzeigen

@ -102,7 +102,7 @@ public enum ProtocolUtils {
}
/**
* Reads a VarInt length-prefixed string from the {@code buf}, making sure to not go over
* Reads a VarInt length-prefixed UTF-8 string from the {@code buf}, making sure to not go over
* {@code cap} size.
* @param buf the buffer to read from
* @param cap the maximum size of the string, in UTF-8 character length
@ -113,6 +113,24 @@ public enum ProtocolUtils {
return readString(buf, cap, length);
}
/**
* Reads a VarInt length-prefixed ASCII string from the {@code buf}, making sure to not go over
* {@code cap} size. This method is specialized for select parts of the Minecraft protocol where
* ASCII characters are guaranteed to be used.
*
* @param buf the buffer to read from
* @param cap the maximum size of the string, in UTF-8 character length
* @return the decoded string
*/
public static String readAsciiString(ByteBuf buf, int cap) {
int length = readVarInt(buf);
checkFrame(length >= 0, "Got a negative-length string (%s)", length);
checkFrame(length <= cap, "Bad string size (got %s, maximum is %s)", length, cap);
String str = buf.toString(buf.readerIndex(), length, StandardCharsets.US_ASCII);
buf.skipBytes(length);
return str;
}
private static String readString(ByteBuf buf, int cap, int length) {
checkFrame(length >= 0, "Got a negative-length string (%s)", length);
// `cap` is interpreted as a UTF-8 character length. To cover the full Unicode plane, we must

Datei anzeigen

@ -1,13 +1,19 @@
package com.velocitypowered.proxy.protocol.packet;
import static com.velocitypowered.proxy.connection.forge.legacy.LegacyForgeConstants.HANDSHAKE_HOSTNAME_TOKEN;
import com.velocitypowered.api.network.ProtocolVersion;
import com.velocitypowered.proxy.connection.MinecraftSessionHandler;
import com.velocitypowered.proxy.connection.forge.legacy.LegacyForgeConstants;
import com.velocitypowered.proxy.protocol.MinecraftPacket;
import com.velocitypowered.proxy.protocol.ProtocolUtils;
import io.netty.buffer.ByteBuf;
public class Handshake implements MinecraftPacket {
// This size was chosen to ensure Forge clients can still connect even with very long hostnames.
// While DNS technically allows any character to be used, in practice ASCII is used.
private static final int MAXIMUM_HOSTNAME_LENGTH = 255 + HANDSHAKE_HOSTNAME_TOKEN.length() + 1;
private ProtocolVersion protocolVersion;
private String serverAddress = "";
private int port;
@ -59,7 +65,7 @@ public class Handshake implements MinecraftPacket {
public void decode(ByteBuf buf, ProtocolUtils.Direction direction, ProtocolVersion ignored) {
int realProtocolVersion = ProtocolUtils.readVarInt(buf);
this.protocolVersion = ProtocolVersion.getProtocolVersion(realProtocolVersion);
this.serverAddress = ProtocolUtils.readString(buf);
this.serverAddress = ProtocolUtils.readAsciiString(buf, MAXIMUM_HOSTNAME_LENGTH);
this.port = buf.readUnsignedShort();
this.nextStatus = ProtocolUtils.readVarInt(buf);
}