mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-06-16 16:34:05 +00:00
Code Issues Projects Releases Wiki Activity

Protect against \0 attacks on name checking

Browse Source
This commit is contained in:
Shoghi Cervantes 2014-09-20 18:26:17 +02:00
parent b880bf13f8
commit 36d8100e17
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/pocketmine/Player.php
View File

@ -1182,7 +1182,7 @@ class Player extends Human implements CommandSender, InventoryHolder, IPlayer{
return; return;
} }
if(preg_match('#^[a-zA-Z0-9_]{3,16}$#', $packet->username) == 0 or $this->username === "" or $this->iusername === "rcon" or $this->iusername === "console" or strlen($packet->username) > 16 or strlen($packet->username) < 3){ if(strpos($packet->username, "\x00") !== false or preg_match('#^[a-zA-Z0-9_]{3,16}$#', $packet->username) == 0 or $this->username === "" or $this->iusername === "rcon" or $this->iusername === "console" or strlen($packet->username) > 16 or strlen($packet->username) < 3){
$this->close("", "Bad username"); $this->close("", "Bad username");
return; return;