add presize limit for possible untrusted servers

set the limit to 10mb, everything bigger than 10MB needs to be resized by the stringbuilder again. Should not happen with session servers
2024-09-28 05:37:28 +02:00 · 2022-11-16 15:47:28 +01:00 · 2022-11-16 15:47:28 +01:00 · 340c8e0f5d
commit 340c8e0f5d
parent a428b6bdd1
1 changed files with 2 additions and 1 deletions
--- a/proxy/src/main/java/net/md_5/bungee/http/HttpHandler.java
+++ b/proxy/src/main/java/net/md_5/bungee/http/HttpHandler.java
@ -51,7 +51,8 @@ public class HttpHandler extends SimpleChannelInboundHandler<HttpObject>
                throw new IllegalStateException( "Expected HTTP response 200 OK, got " + response.status() );
            }

-            buffer = new StringBuilder( response.headers().contains( "Content-Length" ) ? Integer.parseInt( response.headers().get( "Content-Length" ) ) : 0x600 );
+            String length = response.headers().get( "Content-Length" );
+            buffer = new StringBuilder( length != null ? Math.min( Integer.parseInt( length ), 0xA00000 ) : 0x600 );
        }
        if ( msg instanceof HttpContent )
        {