mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-04-21 08:17:34 +00:00
Code Issues Projects Releases Wiki Activity

Added length validation for resource pack encryption keys

Browse Source
This commit is contained in:
Dylan K. Taylor 2022-12-15 22:36:06 +00:00
parent d02c6668b2
commit 8c0d3943d8
No known key found for this signature in database
GPG Key ID: 8927471A91CAFD3D
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/resourcepacks/ResourcePackManager.php
View File

@ -38,6 +38,7 @@ use function is_float;
use function is_int;
use function is_string;
use function mkdir;
use function rtrim;
use function strlen;
use function strtolower;
use const DIRECTORY_SEPARATOR;
@ -103,12 +104,17 @@ class ResourcePackManager{
$keyPath = Path::join($this->path, $pack . ".key");
if(file_exists($keyPath)){
try{
$this->encryptionKeys[$index] = ErrorToExceptionHandler::trapAndRemoveFalse(
$key = ErrorToExceptionHandler::trapAndRemoveFalse(
fn() => file_get_contents($keyPath)
);
}catch(\ErrorException $e){
throw new ResourcePackException("Could not read encryption key file: " . $e->getMessage(), 0, $e);
}
$key = rtrim($key, "\r\n");
if(strlen($key) !== 32){
throw new ResourcePackException("Invalid encryption key length, must be exactly 32 bytes");
}
$this->encryptionKeys[$index] = $key;
}
}catch(ResourcePackException $e){
$logger->critical("Could not load resource pack \"$pack\": " . $e->getMessage());