Limit list max size in transactions

this duct tape is to limit the impact of a security vulnerability being actively exploited.
2025-04-21 00:07:30 +00:00 · 2023-01-02 22:59:48 +00:00 · 2023-01-02 22:59:48 +00:00 · b312e93176
commit b312e93176
parent 61933624d2
1 changed files with 10 additions and 0 deletions
--- a/src/network/mcpe/handler/InGamePacketHandler.php
+++ b/src/network/mcpe/handler/InGamePacketHandler.php
@ -254,6 +254,9 @@ class InGamePacketHandler extends PacketHandler{

 		$useItemTransaction = $packet->getItemInteractionData();
 		if($useItemTransaction !== null){
+			if(count($useItemTransaction->getTransactionData()->getActions()) > 100){
+				throw new PacketHandlingException("Too many actions in item use transaction");
+			}
 			if(!$this->handleUseItemTransaction($useItemTransaction->getTransactionData())){
 				$packetHandled = false;
 				$this->session->getLogger()->debug("Unhandled transaction in PlayerAuthInputPacket (type " . $useItemTransaction->getTransactionData()->getActionType() . ")");
@ -264,6 +267,9 @@ class InGamePacketHandler extends PacketHandler{

 		$blockActions = $packet->getBlockActions();
 		if($blockActions !== null){
+			if(count($blockActions) > 100){
+				throw new PacketHandlingException("Too many block actions in PlayerAuthInputPacket");
+			}
 			foreach($blockActions as $k => $blockAction){
 				$actionHandled = false;
 				if($blockAction instanceof PlayerBlockActionStopBreak){
@ -310,6 +316,10 @@ class InGamePacketHandler extends PacketHandler{
 	public function handleInventoryTransaction(InventoryTransactionPacket $packet) : bool{
 		$result = true;

+		if(count($packet->trData->getActions()) > 100){
+			throw new PacketHandlingException("Too many actions in inventory transaction");
+		}
+
 		$this->inventoryManager->addPredictedSlotChanges($packet->trData->getActions());

 		if($packet->trData instanceof NormalTransactionData){