mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-04-21 08:17:34 +00:00
Code Issues Projects Releases Wiki Activity

InGamePacketHandler: limit depth of form responses to 2

Browse Source 
form responses should only contain string|int|float|bool|null. Arrays or objects appearing in here are likely malicious.
This commit is contained in:
Dylan K. Taylor 2022-01-21 18:47:34 +00:00
parent ed312863a7
commit c10eda5eae
No known key found for this signature in database
GPG Key ID: 8927471A91CAFD3D
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/network/mcpe/handler/InGamePacketHandler.php
View File

@ -125,6 +125,7 @@ use const JSON_THROW_ON_ERROR;
* This handler handles packets related to general gameplay.
*/
class InGamePacketHandler extends PacketHandler{
private const MAX_FORM_RESPONSE_DEPTH = 2; //modal/simple will be 1, custom forms 2 - they will never contain anything other than string|int|float|bool|null
/** @var Player */
private $player;
@ -880,14 +881,14 @@ class InGamePacketHandler extends PacketHandler{
$fixed = "[" . implode(",", $newParts) . "]";
try{
return json_decode($fixed, $assoc, flags: JSON_THROW_ON_ERROR);
return json_decode($fixed, $assoc, self::MAX_FORM_RESPONSE_DEPTH, JSON_THROW_ON_ERROR);
}catch(\JsonException $e){
throw PacketHandlingException::wrap($e, "Failed to fix JSON (original: $json, modified: $fixed)");
}
}
try{
return json_decode($json, $assoc, flags: JSON_THROW_ON_ERROR);
return json_decode($json, $assoc, self::MAX_FORM_RESPONSE_DEPTH, JSON_THROW_ON_ERROR);
}catch(\JsonException $e){
throw PacketHandlingException::wrap($e);
}