CavePVP-Stuff/cSpigot-master/spigot-server-Patches/0055-Backport-NBTReadLimiter-security-fixes.patch

From 9cb842810555b14ddb814780b4d868de1fcc483c Mon Sep 17 00:00:00 2001
From: prplz <prplz@kohi.net>
Date: Fri, 17 Apr 2015 12:54:54 +1000
Subject: [PATCH] Backport NBTReadLimiter security fixes


diff --git a/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java b/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java
index 6defdf5d5..594f21bee 100644
--- a/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java
+++ b/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java
@@ -81,6 +81,12 @@ public class NBTCompressedStreamTools {
 
     public static NBTTagCompound a(DataInput datainput, NBTReadLimiter nbtreadlimiter) {
         try {
+        // PaperSpigot start - backport security fix
+        if ( datainput instanceof net.minecraft.util.io.netty.buffer.ByteBufInputStream )
+        {
+            datainput = new DataInputStream( new org.spigotmc.LimitStream( (InputStream) datainput, nbtreadlimiter ) );
+        }
+        // PaperSpigot end
         NBTBase nbtbase = a(datainput, 0, nbtreadlimiter);
 
         if (nbtbase instanceof NBTTagCompound) {
diff --git a/src/main/java/net/minecraft/server/NBTTagList.java b/src/main/java/net/minecraft/server/NBTTagList.java
index bdde30a29..9b19ebb9a 100644
--- a/src/main/java/net/minecraft/server/NBTTagList.java
+++ b/src/main/java/net/minecraft/server/NBTTagList.java
@@ -41,6 +41,7 @@ public class NBTTagList extends NBTBase {
 
             for (int k = 0; k < j; ++k) {
                 NBTBase nbtbase = NBTBase.createTag(this.type);
+                nbtreadlimiter.a(8); // PaperSpigot - backport security fix
 
                 nbtbase.load(datainput, i + 1, nbtreadlimiter);
                 this.list.add(nbtbase);
diff --git a/src/main/java/net/minecraft/server/PacketDataSerializer.java b/src/main/java/net/minecraft/server/PacketDataSerializer.java
index 451f5fdae..73d59e411 100644
--- a/src/main/java/net/minecraft/server/PacketDataSerializer.java
+++ b/src/main/java/net/minecraft/server/PacketDataSerializer.java
@@ -150,7 +150,7 @@ public class PacketDataSerializer extends ByteBuf {
                 return null;
             }
             readerIndex(index);
-            return NBTCompressedStreamTools.a( new DataInputStream( new ByteBufInputStream( a ) ) );
+            return NBTCompressedStreamTools.a( new ByteBufInputStream( a ), new NBTReadLimiter( 2097152L ) ); // PaperSpigot - backport security fix
         }
     }
     // Spigot end
diff --git a/src/main/java/org/spigotmc/LimitStream.java b/src/main/java/org/spigotmc/LimitStream.java
index dcc0548de..1804518c9 100644
--- a/src/main/java/org/spigotmc/LimitStream.java
+++ b/src/main/java/org/spigotmc/LimitStream.java
@@ -19,21 +19,21 @@ public class LimitStream extends FilterInputStream
     @Override
     public int read() throws IOException
     {
-        limit.a( 1 );
+        limit.a( 8 ); // PaperSpigot - backport security fix
         return super.read();
     }
 
     @Override
     public int read(byte[] b) throws IOException
     {
-        limit.a( b.length );
+        limit.a( b.length * 8 ); // PaperSpigot - backport security fix
         return super.read( b );
     }
 
     @Override
     public int read(byte[] b, int off, int len) throws IOException
     {
-        limit.a( len );
+        limit.a( len * 8 ); // PaperSpigot - backport security fix
         return super.read( b, off, len );
     }
 }
-- 
2.13.3
Oi oi fuck simplytrash <3 2023-05-01 20:59:40 +02:00			`From 9cb842810555b14ddb814780b4d868de1fcc483c Mon Sep 17 00:00:00 2001`
			`From: prplz <prplz@kohi.net>`
			`Date: Fri, 17 Apr 2015 12:54:54 +1000`
			`Subject: [PATCH] Backport NBTReadLimiter security fixes`


			`diff --git a/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java b/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java`
			`index 6defdf5d5..594f21bee 100644`
			`--- a/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java`
			`+++ b/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java`
			`@@ -81,6 +81,12 @@ public class NBTCompressedStreamTools {`

			`public static NBTTagCompound a(DataInput datainput, NBTReadLimiter nbtreadlimiter) {`
			`try {`
			`+ // PaperSpigot start - backport security fix`
			`+ if ( datainput instanceof net.minecraft.util.io.netty.buffer.ByteBufInputStream )`
			`+ {`
			`+ datainput = new DataInputStream( new org.spigotmc.LimitStream( (InputStream) datainput, nbtreadlimiter ) );`
			`+ }`
			`+ // PaperSpigot end`
			`NBTBase nbtbase = a(datainput, 0, nbtreadlimiter);`

			`if (nbtbase instanceof NBTTagCompound) {`
			`diff --git a/src/main/java/net/minecraft/server/NBTTagList.java b/src/main/java/net/minecraft/server/NBTTagList.java`
			`index bdde30a29..9b19ebb9a 100644`
			`--- a/src/main/java/net/minecraft/server/NBTTagList.java`
			`+++ b/src/main/java/net/minecraft/server/NBTTagList.java`
			`@@ -41,6 +41,7 @@ public class NBTTagList extends NBTBase {`

			`for (int k = 0; k < j; ++k) {`
			`NBTBase nbtbase = NBTBase.createTag(this.type);`
			`+ nbtreadlimiter.a(8); // PaperSpigot - backport security fix`

			`nbtbase.load(datainput, i + 1, nbtreadlimiter);`
			`this.list.add(nbtbase);`
			`diff --git a/src/main/java/net/minecraft/server/PacketDataSerializer.java b/src/main/java/net/minecraft/server/PacketDataSerializer.java`
			`index 451f5fdae..73d59e411 100644`
			`--- a/src/main/java/net/minecraft/server/PacketDataSerializer.java`
			`+++ b/src/main/java/net/minecraft/server/PacketDataSerializer.java`
			`@@ -150,7 +150,7 @@ public class PacketDataSerializer extends ByteBuf {`
			`return null;`
			`}`
			`readerIndex(index);`
			`- return NBTCompressedStreamTools.a( new DataInputStream( new ByteBufInputStream( a ) ) );`
			`+ return NBTCompressedStreamTools.a( new ByteBufInputStream( a ), new NBTReadLimiter( 2097152L ) ); // PaperSpigot - backport security fix`
			`}`
			`}`
			`// Spigot end`
			`diff --git a/src/main/java/org/spigotmc/LimitStream.java b/src/main/java/org/spigotmc/LimitStream.java`
			`index dcc0548de..1804518c9 100644`
			`--- a/src/main/java/org/spigotmc/LimitStream.java`
			`+++ b/src/main/java/org/spigotmc/LimitStream.java`
			`@@ -19,21 +19,21 @@ public class LimitStream extends FilterInputStream`
			`@Override`
			`public int read() throws IOException`
			`{`
			`- limit.a( 1 );`
			`+ limit.a( 8 ); // PaperSpigot - backport security fix`
			`return super.read();`
			`}`

			`@Override`
			`public int read(byte[] b) throws IOException`
			`{`
			`- limit.a( b.length );`
			`+ limit.a( b.length * 8 ); // PaperSpigot - backport security fix`
			`return super.read( b );`
			`}`

			`@Override`
			`public int read(byte[] b, int off, int len) throws IOException`
			`{`
			`- limit.a( len );`
			`+ limit.a( len * 8 ); // PaperSpigot - backport security fix`
			`return super.read( b, off, len );`
			`}`
			`}`
			`--`
			`2.13.3`