From 3050af0bc0c75e7d13ca0ed3c502c7c846ba2cd7 Mon Sep 17 00:00:00 2001 From: "Dylan K. Taylor" Date: Sun, 23 Feb 2025 19:45:38 +0000 Subject: [PATCH] ResourcePackManager: validate pack UUIDs fixes CrashArchive ##12248760 --- src/resourcepacks/ResourcePackManager.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/resourcepacks/ResourcePackManager.php b/src/resourcepacks/ResourcePackManager.php index c4668eb2a..ad4417769 100644 --- a/src/resourcepacks/ResourcePackManager.php +++ b/src/resourcepacks/ResourcePackManager.php @@ -26,6 +26,7 @@ namespace pocketmine\resourcepacks; use pocketmine\utils\Config; use pocketmine\utils\Filesystem; use pocketmine\utils\Utils; +use Ramsey\Uuid\Uuid; use Symfony\Component\Filesystem\Path; use function array_keys; use function copy; @@ -103,9 +104,14 @@ class ResourcePackManager{ try{ $newPack = $this->loadPackFromPath(Path::join($this->path, $pack)); - $this->resourcePacks[] = $newPack; $index = strtolower($newPack->getPackId()); + if(!Uuid::isValid($index)){ + //TODO: we should use Uuid in ResourcePack interface directly but that would break BC + //for now we need to validate this here to make sure it doesn't cause crashes later on + throw new ResourcePackException("Invalid UUID ($index)"); + } $this->uuidList[$index] = $newPack; + $this->resourcePacks[] = $newPack; $keyPath = Path::join($this->path, $pack . ".key"); if(file_exists($keyPath)){ @@ -190,6 +196,11 @@ class ResourcePackManager{ $resourcePacks = []; foreach($resourceStack as $pack){ $uuid = strtolower($pack->getPackId()); + if(!Uuid::isValid($uuid)){ + //TODO: we should use Uuid in ResourcePack interface directly but that would break BC + //for now we need to validate this here to make sure it doesn't cause crashes later on + throw new \InvalidArgumentException("Invalid resource pack UUID ($uuid)"); + } if(isset($uuidList[$uuid])){ throw new \InvalidArgumentException("Cannot load two resource pack with the same UUID ($uuid)"); }