3
0
Mirror von https://github.com/ViaVersion/ViaVersion.git synchronisiert 2024-12-26 16:12:42 +01:00

Properly enclose limiting of nbt reading

Fixes #3093
Dieser Commit ist enthalten in:
Nassim Jahnke 2022-08-14 22:24:31 +02:00
Ursprung 6c58f0980c
Commit 435a986068
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: 6BE3B555EBC5982B
2 geänderte Dateien mit 6 neuen und 5 gelöschten Zeilen

Datei anzeigen

@ -24,7 +24,7 @@ package com.viaversion.viaversion.api.type.types.minecraft;
import com.github.steveice10.opennbt.NBTIO; import com.github.steveice10.opennbt.NBTIO;
import com.github.steveice10.opennbt.tag.builtin.CompoundTag; import com.github.steveice10.opennbt.tag.builtin.CompoundTag;
import com.google.common.base.Preconditions; import com.github.steveice10.opennbt.tag.limiter.TagLimiter;
import com.viaversion.viaversion.api.type.Type; import com.viaversion.viaversion.api.type.Type;
import io.netty.buffer.ByteBuf; import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufInputStream; import io.netty.buffer.ByteBufInputStream;
@ -35,21 +35,22 @@ import java.io.DataOutput;
public class NBTType extends Type<CompoundTag> { public class NBTType extends Type<CompoundTag> {
private static final int MAX_NBT_BYTES = 2097152; // 2mb
private static final int MAX_NESTING_LEVEL = 512;
public NBTType() { public NBTType() {
super(CompoundTag.class); super(CompoundTag.class);
} }
@Override @Override
public CompoundTag read(ByteBuf buffer) throws Exception { public CompoundTag read(ByteBuf buffer) throws Exception {
Preconditions.checkArgument(buffer.readableBytes() <= 2097152, "Cannot read NBT (got %s bytes)", buffer.readableBytes());
int readerIndex = buffer.readerIndex(); int readerIndex = buffer.readerIndex();
byte b = buffer.readByte(); byte b = buffer.readByte();
if (b == 0) { if (b == 0) {
return null; return null;
} else { } else {
buffer.readerIndex(readerIndex); buffer.readerIndex(readerIndex);
return NBTIO.readTag((DataInput) new ByteBufInputStream(buffer)); return NBTIO.readTag((DataInput) new ByteBufInputStream(buffer), TagLimiter.create(MAX_NBT_BYTES, MAX_NESTING_LEVEL));
} }
} }

Datei anzeigen

@ -6,7 +6,7 @@ adventure = "4.9.3"
gson = "2.8.8" gson = "2.8.8"
fastutil = "8.5.6" fastutil = "8.5.6"
flare = "2.0.0" flare = "2.0.0"
openNBT = "2.0" openNBT = "2.1"
javassist = "3.28.0-GA" javassist = "3.28.0-GA"
# Common provided # Common provided