SteamWar/Velocity
13
0
Fork 0
geforkt von Mirrors/Velocity
Code Issues Pull-Requests Aktivität

Revert strict handshake hostname checks

Quellcode durchsuchen 
These will break TCPShield and Cosmic Guard plugins. Sad as this was a worthwhile mitigation.
Dieser Commit ist enthalten in:
Andrew Steinborn 2021-01-29 23:08:14 -05:00
Ursprung 501853e807
Commit 4f80d2b261
2 geänderte Dateien mit 2 neuen und 26 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Vergleichs-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

20
proxy/src/main/java/com/velocitypowered/proxy/protocol/ProtocolUtils.java
Datei anzeigen

@ -97,30 +97,12 @@ public enum ProtocolUtils {
}
}
/**
* Reads a VarInt length-prefixed ASCII string from the {@code buf}, making sure to not go over
* {@code cap} size. This method is specialized for select parts of the Minecraft protocol where
* ASCII characters are guaranteed to be used.
*
* @param buf the buffer to read from
* @param cap the maximum size of the string, in UTF-8 character length
* @return the decoded string
*/
public static String readAsciiString(ByteBuf buf, int cap) {
int length = readVarInt(buf);
checkFrame(length >= 0, "Got a negative-length string (%s)", length);
checkFrame(length <= cap, "Bad string size (got %s, maximum is %s)", length, cap);
String str = buf.toString(buf.readerIndex(), length, StandardCharsets.US_ASCII);
buf.skipBytes(length);
return str;
}
public static String readString(ByteBuf buf) {
return readString(buf, DEFAULT_MAX_STRING_SIZE);
}
/**
* Reads a VarInt length-prefixed UTF-8 string from the {@code buf}, making sure to not go over
* Reads a VarInt length-prefixed string from the {@code buf}, making sure to not go over
* {@code cap} size.
* @param buf the buffer to read from
* @param cap the maximum size of the string, in UTF-8 character length

8
proxy/src/main/java/com/velocitypowered/proxy/protocol/packet/Handshake.java
Datei anzeigen

@ -1,19 +1,13 @@
package com.velocitypowered.proxy.protocol.packet;
import static com.velocitypowered.proxy.connection.forge.legacy.LegacyForgeConstants.HANDSHAKE_HOSTNAME_TOKEN;
import com.velocitypowered.api.network.ProtocolVersion;
import com.velocitypowered.proxy.connection.MinecraftSessionHandler;
import com.velocitypowered.proxy.connection.forge.legacy.LegacyForgeConstants;
import com.velocitypowered.proxy.protocol.MinecraftPacket;
import com.velocitypowered.proxy.protocol.ProtocolUtils;
import io.netty.buffer.ByteBuf;
public class Handshake implements MinecraftPacket {
// This size was chosen to ensure Forge clients can still connect even with very long hostnames.
// While DNS technically allows any character to be used, in practice ASCII is used.
private static final int MAXIMUM_HOSTNAME_LENGTH = 255 + HANDSHAKE_HOSTNAME_TOKEN.length() + 1;
private ProtocolVersion protocolVersion;
private String serverAddress = "";
private int port;
@ -65,7 +59,7 @@ public class Handshake implements MinecraftPacket {
public void decode(ByteBuf buf, ProtocolUtils.Direction direction, ProtocolVersion ignored) {
int realProtocolVersion = ProtocolUtils.readVarInt(buf);
this.protocolVersion = ProtocolVersion.getProtocolVersion(realProtocolVersion);
this.serverAddress = ProtocolUtils.readAsciiString(buf, MAXIMUM_HOSTNAME_LENGTH);
this.serverAddress = ProtocolUtils.readString(buf);
this.port = buf.readUnsignedShort();
this.nextStatus = ProtocolUtils.readVarInt(buf);
}