From df33e179e5d3ff13b56a2d7060bf592b0f797258 Mon Sep 17 00:00:00 2001
From: "Dylan K. Taylor"
Date: Wed, 20 Apr 2022 13:01:05 +0100
Subject: [PATCH] Player: fixed chat newlines denial-of-service vulnerability irresponsibly reported in #4974

closes #4974
---
 src/player/Player.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/player/Player.php b/src/player/Player.php
index e27b72500..cb9ef0a5b 100644
--- a/src/player/Player.php
+++ b/src/player/Player.php
@@ -1377,8 +1377,14 @@ class Player extends Human implements CommandSender, ChunkListener, IPlayer{
 public function chat(string $message) : bool{
 $this->removeCurrentWindow();
 
+ //Fast length check, to make sure we don't get hung trying to explode MBs of string ...
+ $maxTotalLength = $this->messageCounter * (self::MAX_CHAT_BYTE_LENGTH + 1);
+ if(strlen($message) > $maxTotalLength){
+ return false;
+ }
+
 $message = TextFormat::clean($message, false);
- foreach(explode("\n", $message) as $messagePart){
+ foreach(explode("\n", $message, $this->messageCounter + 1) as $messagePart){
 if(trim($messagePart) !== "" && strlen($messagePart) <= self::MAX_CHAT_BYTE_LENGTH && mb_strlen($messagePart, 'UTF-8') <= self::MAX_CHAT_CHAR_LENGTH && $this->messageCounter-- > 0){
 if(strpos($messagePart, './') === 0){
 $messagePart = substr($messagePart, 1);
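Review bot: The limit passed in `explode("\n", $message, $this->messageCounter + 1)` only bounds the split while `$this->messageCounter` is non-negative, and nothing on that line enforces it; PHP treats a negative limit as "all parts except the last N", which is the unbounded split this patch sets out to remove. The post-decrement in `$this->messageCounter-- > 0` still runs when the counter is already 0, so the counter can drop below zero inside this loop. The new length check does reject every message in that state, because `$maxTotalLength` becomes negative, but that protection is implicit and would be lost if the check were later reordered or relaxed. I would make it explicit with `if($this->messageCounter <= 0){ return false; }` ahead of the length check (confirm callers do not rely on the return value for an empty message at counter 0), or at least add a comment such as `//also rejects everything once messageCounter <= 0, which keeps the explode() limit positive`. chat() continues past the end of the hunk, and the place where the counter is reset is not visible here.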