implement recv_buffer size limit and input validation

* Implement recv_buffer size limit and input validation

* Add readLengthPrefixedData helper and refactor some read flows

* Change error to be more accurate

* Add newline to error message

* Fix long chat messages kicking clients

* Style nitpicks

---------

Co-authored-by: p2r3 <p2r3@p2r3.com>
Co-authored-by: p2r3 <41925384+p2r3@users.noreply.github.com>
Tyler Zars
2025-09-18 19:00:02 -04:00
committed by GitHub
parent b23e19ecd4
commit 3bde692976
5 changed files with 47 additions and 18 deletions


@@ -658,10 +658,8 @@ int cs_clickContainer (int client_fd) {
count = (uint8_t)readVarInt(client_fd);
// ignore components
tmp = readVarInt(client_fd);
recv_all(client_fd, recv_buffer, tmp, false);
tmp = readVarInt(client_fd);
recv_all(client_fd, recv_buffer, tmp, false);
readLengthPrefixedData(client_fd);
readLengthPrefixedData(client_fd);
if (count > 0 && apply_changes) {
*p_item = item;
@@ -691,10 +689,8 @@ int cs_clickContainer (int client_fd) {
player->flagval_16 = readVarInt(client_fd);
player->flagval_8 = readVarInt(client_fd);
// ignore components
tmp = readVarInt(client_fd);
recv_all(client_fd, recv_buffer, tmp, false);
tmp = readVarInt(client_fd);
recv_all(client_fd, recv_buffer, tmp, false);
readLengthPrefixedData(client_fd);
readLengthPrefixedData(client_fd);
} else {
player->flagval_16 = 0;
player->flagval_8 = 0;
@@ -1117,7 +1113,8 @@ int sc_systemChat (int client_fd, char* message, uint16_t len) {
// C->S Chat Message
int cs_chat (int client_fd) {
readString(client_fd);
// To be safe, cap messages to 32 bytes before the buffer length
readStringN(client_fd, 224);
PlayerData *player;
if (getPlayerData(client_fd, &player)) return 1;
@@ -1125,12 +1122,6 @@ int cs_chat (int client_fd) {
size_t message_len = strlen((char *)recv_buffer);
uint8_t name_len = strlen(player->name);
// To be safe, cap messages to 32 bytes before the buffer length
if (message_len > 224) {
recv_buffer[224] = '\0';
message_len = 224;
}
if (recv_buffer[0] != '!') { // Standard chat message
// Shift message contents forward to make space for player name tag