Add warning for string reading + incorrectly configured ip forwarding

TheMode 2021-08-17 06:10:36 +02:00
parent e72c87f670
commit 42afae9b68
2 changed files with 17 additions and 5 deletions


@ -8,8 +8,8 @@ import net.minestom.server.extras.bungee.BungeeCordProxy;
import net.minestom.server.network.ConnectionState; import net.minestom.server.network.ConnectionState;
import net.minestom.server.network.packet.client.ClientPreplayPacket; import net.minestom.server.network.packet.client.ClientPreplayPacket;
import net.minestom.server.network.packet.server.login.LoginDisconnectPacket; import net.minestom.server.network.packet.server.login.LoginDisconnectPacket;
import net.minestom.server.network.player.PlayerSocketConnection;
import net.minestom.server.network.player.PlayerConnection; import net.minestom.server.network.player.PlayerConnection;
import net.minestom.server.network.player.PlayerSocketConnection;
import net.minestom.server.utils.binary.BinaryReader; import net.minestom.server.utils.binary.BinaryReader;
import net.minestom.server.utils.binary.BinaryWriter; import net.minestom.server.utils.binary.BinaryWriter;
import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.NotNull;
@ -33,7 +33,14 @@ public class HandshakePacket implements ClientPreplayPacket {
@Override @Override
public void read(@NotNull BinaryReader reader) { public void read(@NotNull BinaryReader reader) {
this.protocolVersion = reader.readVarInt(); this.protocolVersion = reader.readVarInt();
try {
this.serverAddress = reader.readSizedString(BungeeCordProxy.isEnabled() ? Short.MAX_VALUE : 255); this.serverAddress = reader.readSizedString(BungeeCordProxy.isEnabled() ? Short.MAX_VALUE : 255);
} catch (Exception e) {
if (BungeeCordProxy.isEnabled()) {
System.err.println("Legacy proxy forwarding is enabled but the read did underflow. Please check your proxy.");
}
e.printStackTrace();
}
this.serverPort = reader.readUnsignedShort(); this.serverPort = reader.readUnsignedShort();
this.nextState = reader.readVarInt(); this.nextState = reader.readVarInt();
} }
@ -42,8 +49,8 @@ public class HandshakePacket implements ClientPreplayPacket {
public void write(@NotNull BinaryWriter writer) { public void write(@NotNull BinaryWriter writer) {
writer.writeVarInt(protocolVersion); writer.writeVarInt(protocolVersion);
int maxLength = BungeeCordProxy.isEnabled() ? Short.MAX_VALUE : 255; int maxLength = BungeeCordProxy.isEnabled() ? Short.MAX_VALUE : 255;
if(serverAddress.length() > maxLength) { if (serverAddress.length() > maxLength) {
throw new IllegalArgumentException("serverAddress is "+serverAddress.length()+" characters long, maximum allowed is "+maxLength); throw new IllegalArgumentException("serverAddress is " + serverAddress.length() + " characters long, maximum allowed is " + maxLength);
} }
writer.writeSizedString(serverAddress); writer.writeSizedString(serverAddress);
writer.writeUnsignedShort(serverPort); writer.writeUnsignedShort(serverPort);
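Review bot: The new `catch (Exception e)` in `read` logs and then carries on, so after a failed address read `serverAddress` keeps whatever value it had before, and `serverPort` and `nextState` are still parsed from a reader whose position can no longer be trusted. The same handler also catches whatever the max-length check inside `readSizedString` throws, which turns that limit from a rejection into a log line plus a stack trace for a handshake that arrives before any authentication. I would keep the proxy warning but replace `e.printStackTrace();` with `throw e;` (or narrow the handler to `catch (RuntimeException e)`), so a malformed handshake fails instead of being half-parsed. How the caller reacts to an exception from `read` is not visible in this section, so confirm that it closes the connection.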


@ -15,6 +15,7 @@ import org.jglrxavpok.hephaistos.nbt.NBTReader;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.UUID; import java.util.UUID;
@ -104,7 +105,11 @@ public class BinaryReader extends InputStream {
public String readSizedString(int maxLength) { public String readSizedString(int maxLength) {
final int length = readVarInt(); final int length = readVarInt();
byte[] bytes = new byte[length]; byte[] bytes = new byte[length];
buffer.get(bytes); try {
this.buffer.get(bytes);
} catch (BufferUnderflowException e) {
throw new RuntimeException("Could not read " + length + ", " + buffer.remaining() + " remaining.");
}
final String str = new String(bytes, StandardCharsets.UTF_8); final String str = new String(bytes, StandardCharsets.UTF_8);
Check.stateCondition(str.length() > maxLength, Check.stateCondition(str.length() > maxLength,
"String length ({0}) was higher than the max length of {1}", length, maxLength); "String length ({0}) was higher than the max length of {1}", length, maxLength);
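Review bot: `new byte[length]` is still sized from the wire-supplied VarInt before anything validates it, so a negative value throws `NegativeArraySizeException` and a large one allocates the array first and only then reaches the underflow path this hunk adds; `maxLength` is checked only after decoding. A guard ahead of the allocation, `if (length < 0 || length > buffer.remaining()) throw new RuntimeException("Could not read " + length + ", " + buffer.remaining() + " remaining.");`, rejects both cases without allocating and makes the try/catch unnecessary. If the catch stays, pass `e` as the cause of the new `RuntimeException` so the original stack trace is not lost. The method body continues past the end of this hunk.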