LoginPacket: barf on finding extraData multiple times

This fixes a potential exploit where clients could append JWTs signed with their own keys to the end of the chain containing fake XUID/UUID/username which would then overwrite the legitimate ones in earlier links.
This stems from the fact that the final link of the vanilla chain contains the client's own pubkey, so the client is able to append its own data to the end of the chain.
Dylan K. Taylor 2018-07-06 12:54:43 +01:00
parent 34e9e93210
commit ee7c838040

@ -105,9 +105,15 @@ class LoginPacket extends DataPacket{
$buffer = new BinaryStream($this->getString());
$this->chainData = json_decode($buffer->get($buffer->getLInt()), true);
$hasExtraData = false;
foreach($this->chainData["chain"] as $chain){
$webtoken = Utils::decodeJWT($chain);
if(isset($webtoken["extraData"])){
if($hasExtraData){
throw new \RuntimeException("Found 'extraData' multiple times in key chain");
}
$hasExtraData = true;
if(isset($webtoken["extraData"]["displayName"])){
$this->username = $webtoken["extraData"]["displayName"];
}
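Review bot: the `$hasExtraData` guard only enforces that `extraData` appears once in the chain; the lines below it still take `displayName` from whichever link carries it, and nothing visible here ties that link to a signature from a trusted key. The fix therefore depends on chain verification elsewhere rejecting a chain whose single `extraData` sits in a client-signed link, and a short comment above the `if($hasExtraData)` check stating that dependency would help. Separately, the `throw new \RuntimeException(...)` fires on client-supplied data during decode, so please confirm the caller treats it as a reason to drop the session rather than letting it propagate, and consider a dedicated exception type so it can be told apart from internal errors. A test with a chain containing two links that both carry `extraData` would pin the behaviour down.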