mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-06-06 03:47:16 +00:00
Code Issues Projects Releases Wiki Activity

Guard against possible overflow bug in NetworkBinaryStream

Browse Source
This commit is contained in:
Dylan K. Taylor 2018-10-26 20:08:48 +01:00
parent b0624aff9f
commit 9b820a0849
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/pocketmine/network/mcpe/NetworkBinaryStream.php
View File

@ -109,7 +109,12 @@ class NetworkBinaryStream extends BinaryStream{
$this->putVarInt($auxValue);
$nbt = $item->getCompoundTag();
$this->putLShort(strlen($nbt));
$nbtLen = strlen($nbt);
if($nbtLen > 32767){
throw new \InvalidArgumentException("NBT encoded length must be < 32768, got $nbtLen bytes");
}
$this->putLShort($nbtLen);
$this->put($nbt);
$this->putVarInt(0); //CanPlaceOn entry count (TODO)