From 8c8862f3a85a9f02facae64872e4646f27d1a429 Mon Sep 17 00:00:00 2001
From: Nassim Jahnke <nassim@njahnke.dev>
Date: Fri, 12 Jan 2024 23:08:19 +0100
Subject: [PATCH] Also check for the actual character length in
 ResourceLocation validation

---
 ...empty-String-in-NamespacedKey.fromSt.patch | 22 +++++++++----------
 ...date-ResourceLocation-in-NBT-reading.patch | 12 +++++++---
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/patches/api/0457-Return-null-for-empty-String-in-NamespacedKey.fromSt.patch b/patches/api/0457-Return-null-for-empty-String-in-NamespacedKey.fromSt.patch
index bb41c59526..742314fff8 100644
--- a/patches/api/0457-Return-null-for-empty-String-in-NamespacedKey.fromSt.patch
+++ b/patches/api/0457-Return-null-for-empty-String-in-NamespacedKey.fromSt.patch
@@ -5,36 +5,36 @@ Subject: [PATCH] Return null for empty String in NamespacedKey.fromString
 
 
 diff --git a/src/main/java/org/bukkit/NamespacedKey.java b/src/main/java/org/bukkit/NamespacedKey.java
-index 8ac72cb0b05e2c493d98310f2e87c3714d15c5e3..95bc1078e35a92624b6627e78ed80080832d1b57 100644
+index 8ac72cb0b05e2c493d98310f2e87c3714d15c5e3..97cf6b6acdd71740b75658f14ca5cabbacb108d4 100644
 --- a/src/main/java/org/bukkit/NamespacedKey.java
 +++ b/src/main/java/org/bukkit/NamespacedKey.java
-@@ -89,8 +89,6 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
-         this.namespace = namespace;
+@@ -90,7 +90,7 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
          this.key = key;
  
--        String string = toString();
+         String string = toString();
 -        Preconditions.checkArgument(string.length() < 256, "NamespacedKey must be less than 256 characters", string);
++        Preconditions.checkArgument(string.length() <= Short.MAX_VALUE, "NamespacedKey must be less than 32768 characters", string); // Paper - Fix improper length validation
      }
  
      /**
-@@ -116,8 +114,6 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
-         Preconditions.checkArgument(isValidNamespace(this.namespace), "Invalid namespace. Must be [a-z0-9._-]: %s", this.namespace);
+@@ -117,7 +117,7 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
          Preconditions.checkArgument(isValidKey(this.key), "Invalid key. Must be [a-z0-9/._-]: %s", this.key);
  
--        String string = toString();
+         String string = toString();
 -        Preconditions.checkArgument(string.length() < 256, "NamespacedKey must be less than 256 characters (%s)", string);
++        Preconditions.checkArgument(string.length() <= Short.MAX_VALUE, "NamespacedKey must be less than 32768 characters", string); // Paper - Fix improper length validation
      }
  
      @NotNull
-@@ -206,7 +202,10 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
+@@ -206,7 +206,10 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
       */
      @Nullable
      public static NamespacedKey fromString(@NotNull String string, @Nullable Plugin defaultNamespace) {
 -        Preconditions.checkArgument(string != null && !string.isEmpty(), "Input string must not be empty or null");
-+        // Paper - Return null for empty string
++        // Paper - Return null for empty string, check length
 +        Preconditions.checkArgument(string != null, "Input string must not be null");
-+        if (string.isEmpty()) return null;
-+        // Paper end - Return null for empty string
++        if (string.isEmpty() || string.length() > Short.MAX_VALUE) return null;
++        // Paper end - Return null for empty string, check length
  
          String[] components = string.split(":", 3);
          if (components.length > 2) {
diff --git a/patches/server/1057-Validate-ResourceLocation-in-NBT-reading.patch b/patches/server/1057-Validate-ResourceLocation-in-NBT-reading.patch
index ab785a22f3..e85cc43911 100644
--- a/patches/server/1057-Validate-ResourceLocation-in-NBT-reading.patch
+++ b/patches/server/1057-Validate-ResourceLocation-in-NBT-reading.patch
@@ -22,14 +22,20 @@ index 18fad4f083862ace2bc56579883f548f6d697091..80083fed4b44b9d433925f09db83e559
                  return Blocks.AIR.defaultBlockState();
              } else {
 diff --git a/src/main/java/net/minecraft/resources/ResourceLocation.java b/src/main/java/net/minecraft/resources/ResourceLocation.java
-index 38e2a8cec48bc779b8154d6d719031f457a2403e..9024622a41fdc774713481973c1419a8d18cce93 100644
+index 38e2a8cec48bc779b8154d6d719031f457a2403e..4379090b74d156b62b88163a234c22e78454f5e4 100644
 --- a/src/main/java/net/minecraft/resources/ResourceLocation.java
 +++ b/src/main/java/net/minecraft/resources/ResourceLocation.java
-@@ -31,6 +31,7 @@ public class ResourceLocation implements Comparable<ResourceLocation> {
+@@ -31,6 +31,13 @@ public class ResourceLocation implements Comparable<ResourceLocation> {
      private final String path;
  
      protected ResourceLocation(String namespace, String path, @Nullable ResourceLocation.Dummy extraData) {
-+        if (io.netty.buffer.ByteBufUtil.utf8MaxBytes(namespace + ":" + path) > 2 * Short.MAX_VALUE + 1) throw new ResourceLocationException("Resource location too long: " + namespace + ":" + path); // Paper - Validate ResourceLocation
++        // Paper start - Validate ResourceLocation
++        // Check for the max network string length (capped at Short.MAX_VALUE) as well as the max bytes of a StringTag (length written as an unsigned short)
++        final String resourceLocation = namespace + ":" + path;
++        if (resourceLocation.length() > Short.MAX_VALUE || io.netty.buffer.ByteBufUtil.utf8MaxBytes(resourceLocation) > 2 * Short.MAX_VALUE + 1) {
++            throw new ResourceLocationException("Resource location too long: " + resourceLocation);
++        }
++        // Paper end - Validate ResourceLocation
          this.namespace = namespace;
          this.path = path;
      }