Limit the length of byte arrays

2016-03-28 21:19:05 +01:00 · 2016-03-28 21:19:05 +01:00 · fc9ee90fc5
Commit fc9ee90fc5
--- a/nms-patches/PacketDataSerializer.patch
+++ b/nms-patches/PacketDataSerializer.patch
@ -9,7 +9,25 @@
 public class PacketDataSerializer extends ByteBuf {
 
     private final ByteBuf a;
-@@ -99,7 +101,7 @@
+@@ -44,8 +46,16 @@
+         return this;
+     }
+ 
+    // CraftBukkit start - limit length
+     public byte[] a() {
+-        byte[] abyte = new byte[this.g()];
+        return readByteArray(Short.MAX_VALUE);
+    }
+
+    public byte[] readByteArray(int limit) {
+        int len = this.g();
+        if (len > limit) throw new DecoderException("The received a byte array longer than allowed " + len + " > " + limit);
+        byte[] abyte = new byte[len];
+    // CraftBukkit end
+ 
+         this.readBytes(abyte);
+         return abyte;
+@@ -99,7 +109,7 @@
     }
 
     public <T extends Enum<T>> T a(Class<T> oclass) {
@ -18,7 +36,7 @@
     }
 
     public PacketDataSerializer a(Enum<?> oenum) {
-@@ -176,7 +178,7 @@
+@@ -176,7 +186,7 @@
         } else {
             try {
                 NBTCompressedStreamTools.a(nbttagcompound, (DataOutput) (new ByteBufOutputStream(this)));
@ -27,7 +45,7 @@
                 throw new EncoderException(ioexception);
             }
         }
-@@ -202,7 +204,7 @@
+@@ -202,7 +212,7 @@
     }
 
     public PacketDataSerializer a(ItemStack itemstack) {
@ -36,7 +54,7 @@
             this.writeShort(-1);
         } else {
             this.writeShort(Item.getId(itemstack.getItem()));
-@@ -230,6 +232,11 @@
+@@ -230,6 +240,11 @@
 
             itemstack = new ItemStack(Item.getById(short0), b0, short1);
             itemstack.setTag(this.j());
--- a/nms-patches/PacketLoginInEncryptionBegin.patch
+++ b/nms-patches/PacketLoginInEncryptionBegin.patch
@ -0,0 +1,15 @@
+--- a/net/minecraft/server/PacketLoginInEncryptionBegin.java
+++ b/net/minecraft/server/PacketLoginInEncryptionBegin.java
+@@ -12,8 +12,10 @@
+     public PacketLoginInEncryptionBegin() {}
+ 
+     public void a(PacketDataSerializer packetdataserializer) throws IOException {
+-        this.a = packetdataserializer.a();
+-        this.b = packetdataserializer.a();
+        // CraftBukkit start - limit length
+        this.a = packetdataserializer.readByteArray(256);
+        this.b = packetdataserializer.readByteArray(256);
+        // CraftBukkit end
+     }
+ 
+     public void b(PacketDataSerializer packetdataserializer) throws IOException {