mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-08-30 06:55:11 +00:00
Code Issues Projects Releases Wiki Activity

Limit list max size in transactions

Browse Source 
this duct tape is to limit the impact of a security vulnerability being actively exploited.
This commit is contained in:
Dylan K. Taylor 2023-01-02 22:59:48 +00:00
parent 61933624d2
commit b312e93176
No known key found for this signature in database
GPG Key ID: 8927471A91CAFD3D
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/network/mcpe/handler/InGamePacketHandler.php
View File

@ -254,6 +254,9 @@ class InGamePacketHandler extends PacketHandler{
$useItemTransaction = $packet->getItemInteractionData(); $useItemTransaction = $packet->getItemInteractionData();
if($useItemTransaction !== null){ if($useItemTransaction !== null){
if(count($useItemTransaction->getTransactionData()->getActions()) > 100){
throw new PacketHandlingException("Too many actions in item use transaction");
}
if(!$this->handleUseItemTransaction($useItemTransaction->getTransactionData())){ if(!$this->handleUseItemTransaction($useItemTransaction->getTransactionData())){
$packetHandled = false; $packetHandled = false;
$this->session->getLogger()->debug("Unhandled transaction in PlayerAuthInputPacket (type " . $useItemTransaction->getTransactionData()->getActionType() . ")"); $this->session->getLogger()->debug("Unhandled transaction in PlayerAuthInputPacket (type " . $useItemTransaction->getTransactionData()->getActionType() . ")");
@ -264,6 +267,9 @@ class InGamePacketHandler extends PacketHandler{
$blockActions = $packet->getBlockActions(); $blockActions = $packet->getBlockActions();
if($blockActions !== null){ if($blockActions !== null){
if(count($blockActions) > 100){
throw new PacketHandlingException("Too many block actions in PlayerAuthInputPacket");
}
foreach($blockActions as $k => $blockAction){ foreach($blockActions as $k => $blockAction){
$actionHandled = false; $actionHandled = false;
if($blockAction instanceof PlayerBlockActionStopBreak){ if($blockAction instanceof PlayerBlockActionStopBreak){
@ -310,6 +316,10 @@ class InGamePacketHandler extends PacketHandler{
public function handleInventoryTransaction(InventoryTransactionPacket $packet) : bool{ public function handleInventoryTransaction(InventoryTransactionPacket $packet) : bool{
$result = true; $result = true;
if(count($packet->trData->getActions()) > 100){
throw new PacketHandlingException("Too many actions in inventory transaction");
}
$this->inventoryManager->addPredictedSlotChanges($packet->trData->getActions()); $this->inventoryManager->addPredictedSlotChanges($packet->trData->getActions());
if($packet->trData instanceof NormalTransactionData){ if($packet->trData instanceof NormalTransactionData){