Properly enclose limiting of nbt reading

Fixes #3093
This commit is contained in:
Nassim Jahnke 2022-08-14 22:24:31 +02:00
parent 6c58f0980c
commit 435a986068
No known key found for this signature in database
GPG Key ID: 6BE3B555EBC5982B
2 changed files with 6 additions and 5 deletions

View File

@ -24,7 +24,7 @@ package com.viaversion.viaversion.api.type.types.minecraft;
import com.github.steveice10.opennbt.NBTIO; import com.github.steveice10.opennbt.NBTIO;
import com.github.steveice10.opennbt.tag.builtin.CompoundTag; import com.github.steveice10.opennbt.tag.builtin.CompoundTag;
import com.google.common.base.Preconditions; import com.github.steveice10.opennbt.tag.limiter.TagLimiter;
import com.viaversion.viaversion.api.type.Type; import com.viaversion.viaversion.api.type.Type;
import io.netty.buffer.ByteBuf; import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufInputStream; import io.netty.buffer.ByteBufInputStream;
@ -35,21 +35,22 @@ import java.io.DataOutput;
public class NBTType extends Type<CompoundTag> { public class NBTType extends Type<CompoundTag> {
private static final int MAX_NBT_BYTES = 2097152; // 2mb
private static final int MAX_NESTING_LEVEL = 512;
public NBTType() { public NBTType() {
super(CompoundTag.class); super(CompoundTag.class);
} }
@Override @Override
public CompoundTag read(ByteBuf buffer) throws Exception { public CompoundTag read(ByteBuf buffer) throws Exception {
Preconditions.checkArgument(buffer.readableBytes() <= 2097152, "Cannot read NBT (got %s bytes)", buffer.readableBytes());
int readerIndex = buffer.readerIndex(); int readerIndex = buffer.readerIndex();
byte b = buffer.readByte(); byte b = buffer.readByte();
if (b == 0) { if (b == 0) {
return null; return null;
} else { } else {
buffer.readerIndex(readerIndex); buffer.readerIndex(readerIndex);
return NBTIO.readTag((DataInput) new ByteBufInputStream(buffer)); return NBTIO.readTag((DataInput) new ByteBufInputStream(buffer), TagLimiter.create(MAX_NBT_BYTES, MAX_NESTING_LEVEL));
} }
} }

View File

@ -6,7 +6,7 @@ adventure = "4.9.3"
gson = "2.8.8" gson = "2.8.8"
fastutil = "8.5.6" fastutil = "8.5.6"
flare = "2.0.0" flare = "2.0.0"
openNBT = "2.0" openNBT = "2.1"
javassist = "3.28.0-GA" javassist = "3.28.0-GA"
# Common provided # Common provided