Mitigate against CVE-2021-44228

2021-12-10 20:22:53 +00:00 · 2021-12-10 20:22:53 +00:00 · 0f8a8de77c
parent 3ff57559e3
commit 0f8a8de77c
1 changed files with 6 additions and 0 deletions
--- a/src/Protocol/Protocol_1_8.cpp
+++ b/src/Protocol/Protocol_1_8.cpp
@ -365,6 +365,12 @@ void cProtocol_1_8_0::SendChatRaw(const AString & a_MessageRaw, eChatType a_Type
 {
 	ASSERT(m_State == 3);  // In game mode?

+	// Prevent chat messages that might trigger CVE-2021-44228
+	if (a_MessageRaw.find("${jndi") != std::string::npos)
+	{
+		return;
+	}
+
 	// Send the json string to the client:
 	cPacketizer Pkt(*this, pktChatRaw);
 	Pkt.WriteString(a_MessageRaw);