flewkey/cuberite-2a
1
0
Fork 0
Code Releases Activity

ProtoProxy: Added a sanity check to metadata string lengths.

Browse Source 
Fixes CID 66415.
This commit is contained in:
Mattes D 2014-12-21 22:51:17 +01:00
parent f5b4c92a10
commit 557dc5a93f
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Tools/ProtoProxy/Connection.cpp
View File

@ -2687,7 +2687,7 @@ bool cConnection::ParseSlot(cByteBuffer & a_Buffer, AString & a_ItemDesc)
char ItemCount; char ItemCount;
short ItemDamage; short ItemDamage;
short MetadataLength; short MetadataLength;
a_Buffer.ReadChar(ItemCount); a_Buffer.ReadChar(ItemCount); // We already know we can read these bytes - we checked before.
a_Buffer.ReadBEShort(ItemDamage); a_Buffer.ReadBEShort(ItemDamage);
a_Buffer.ReadBEShort(MetadataLength); a_Buffer.ReadBEShort(MetadataLength);
Printf(a_ItemDesc, "%d:%d * %d", ItemType, ItemDamage, ItemCount); Printf(a_ItemDesc, "%d:%d * %d", ItemType, ItemDamage, ItemCount);
@ -2846,7 +2846,11 @@ void cConnection::LogMetadata(const AString & a_Metadata, size_t a_IndentCount)
bb.Write(a_Metadata.data() + pos + 1, RestLen); bb.Write(a_Metadata.data() + pos + 1, RestLen);
UInt32 Length; UInt32 Length;
int rs = bb.GetReadableSpace(); int rs = bb.GetReadableSpace();
bb.ReadVarInt(Length); if (!bb.ReadVarInt(Length))
{
Log("Invalid metadata value, was supposed to be a varint-prefixed string, but cannot read the varint");
break;
}
rs = rs - bb.GetReadableSpace(); rs = rs - bb.GetReadableSpace();
Log("%sstring[%d] = \"%*s\"", Indent.c_str(), Index, Length, a_Metadata.c_str() + pos + rs + 1); Log("%sstring[%d] = \"%*s\"", Indent.c_str(), Index, Length, a_Metadata.c_str() + pos + rs + 1);
pos += Length + rs + 2; pos += Length + rs + 2;