From 5e00c79020446eeb4d0c703889f7f8012711f578 Mon Sep 17 00:00:00 2001
From: CraftBukkit/Spigot
Date: Mon, 28 Mar 2016 21:19:05 +0100
Subject: [PATCH] Limit the length of byte arrays By: Thinkofname
---
 .../nms-patches/PacketDataSerializer.patch | 26 ++++++++++++++++---
 .../PacketLoginInEncryptionBegin.patch | 15 +++++++++++
 2 files changed, 37 insertions(+), 4 deletions(-)
 create mode 100644 paper-server/nms-patches/PacketLoginInEncryptionBegin.patch
diff --git a/paper-server/nms-patches/PacketDataSerializer.patch b/paper-server/nms-patches/PacketDataSerializer.patch
index 3208a310b5..010ab30249 100644
--- a/paper-server/nms-patches/PacketDataSerializer.patch
+++ b/paper-server/nms-patches/PacketDataSerializer.patch
@@ -9,7 +9,25 @@
 public class PacketDataSerializer extends ByteBuf { private final ByteBuf a;
-@@ -99,7 +101,7 @@
+@@ -44,8 +46,16 @@
+ return this;
+ }
+
++ // CraftBukkit start - limit length
+ public byte[] a() {
+- byte[] abyte = new byte[this.g()];
++ return readByteArray(Short.MAX_VALUE);
++ }
++
++ public byte[] readByteArray(int limit) {
++ int len = this.g();
++ if (len > limit) throw new DecoderException("The received a byte array longer than allowed " + len + " > " + limit);
++ byte[] abyte = new byte[len];
++ // CraftBukkit end
+
+ this.readBytes(abyte);
+ return abyte;
+@@ -99,7 +109,7 @@
 } public > T a(Class oclass) {
@@ -18,7 +36,7 @@
 } public PacketDataSerializer a(Enum oenum) {
-@@ -176,7 +178,7 @@
+@@ -176,7 +186,7 @@
 } else { try { NBTCompressedStreamTools.a(nbttagcompound, (DataOutput) (new ByteBufOutputStream(this)));
@@ -27,7 +45,7 @@
 throw new EncoderException(ioexception); } }
-@@ -202,7 +204,7 @@
+@@ -202,7 +212,7 @@
 } public PacketDataSerializer a(ItemStack itemstack) {
@@ -36,7 +54,7 @@
 this.writeShort(-1); } else { this.writeShort(Item.getId(itemstack.getItem()));
-@@ -230,6 +232,11 @@
+@@ -230,6 +240,11 @@
 itemstack = new ItemStack(Item.getById(short0), b0, short1); itemstack.setTag(this.j());
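Review bot: In the first hunk, `readByteArray(int limit)` rejects only `len > limit`, so a negative value from `this.g()` (presumably a signed length read; its body is not in this hunk) reaches `new byte[len]` and surfaces as a NegativeArraySizeException instead of the DecoderException thrown for the oversize case. The guard should cover both ends, `if (len < 0 || len > limit) throw new DecoderException("Received a byte array of invalid length " + len + " (limit " + limit + ")");`, which also repairs the garbled message "The received a byte array longer than allowed". Since the array is allocated before `this.readBytes(abyte)` can fail, comparing `len` with `this.readableBytes()` first would avoid allocating for a length the buffer cannot satisfy. The closing brace of `readByteArray` lies outside the inner hunk, and the remaining hunks of this file only renumber inner hunk headers.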
diff --git a/paper-server/nms-patches/PacketLoginInEncryptionBegin.patch b/paper-server/nms-patches/PacketLoginInEncryptionBegin.patch
new file mode 100644
index 0000000000..e2254aeeb7
--- /dev/null
+++ b/paper-server/nms-patches/PacketLoginInEncryptionBegin.patch
@@ -0,0 +1,15 @@
+--- a/net/minecraft/server/PacketLoginInEncryptionBegin.java
++++ b/net/minecraft/server/PacketLoginInEncryptionBegin.java
+@@ -12,8 +12,10 @@
+ public PacketLoginInEncryptionBegin() {}
+
+ public void a(PacketDataSerializer packetdataserializer) throws IOException {
+- this.a = packetdataserializer.a();
+- this.b = packetdataserializer.a();
++ // CraftBukkit start - limit length
++ this.a = packetdataserializer.readByteArray(256);
++ this.b = packetdataserializer.readByteArray(256);
++ // CraftBukkit end
+ }
+
+ public void b(PacketDataSerializer packetdataserializer) throws IOException {
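Review bot: The bound `256` in `a(PacketDataSerializer)` is an unexplained literal repeated on both reads, and nothing in the hunk says what `this.a` and `this.b` hold or why 256 bytes is sufficient for them. If they are the encrypted values of the login handshake (an assumption; the field declarations are outside the hunk), the limit is coupled to the server key size and would start rejecting legitimate logins if that size grew. I would name the value and record the reasoning next to it, e.g. `private static final int MAX_ENCRYPTED_LENGTH = 256; // CraftBukkit - upper bound for both length-prefixed arrays in this packet`, and use the constant in both calls.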