From 9cb842810555b14ddb814780b4d868de1fcc483c Mon Sep 17 00:00:00 2001
From: prplz <prplz@kohi.net>
Date: Fri, 17 Apr 2015 12:54:54 +1000
Subject: [PATCH] Backport NBTReadLimiter security fixes


diff --git a/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java b/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java
index 6defdf5d5..594f21bee 100644
--- a/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java
+++ b/src/main/java/net/minecraft/server/NBTCompressedStreamTools.java
@@ -81,6 +81,12 @@ public class NBTCompressedStreamTools {
 
     public static NBTTagCompound a(DataInput datainput, NBTReadLimiter nbtreadlimiter) {
         try {
+        // PaperSpigot start - backport security fix
+        if ( datainput instanceof net.minecraft.util.io.netty.buffer.ByteBufInputStream )
+        {
+            datainput = new DataInputStream( new org.spigotmc.LimitStream( (InputStream) datainput, nbtreadlimiter ) );
+        }
+        // PaperSpigot end
         NBTBase nbtbase = a(datainput, 0, nbtreadlimiter);
 
         if (nbtbase instanceof NBTTagCompound) {
diff --git a/src/main/java/net/minecraft/server/NBTTagList.java b/src/main/java/net/minecraft/server/NBTTagList.java
index bdde30a29..9b19ebb9a 100644
--- a/src/main/java/net/minecraft/server/NBTTagList.java
+++ b/src/main/java/net/minecraft/server/NBTTagList.java
@@ -41,6 +41,7 @@ public class NBTTagList extends NBTBase {
 
             for (int k = 0; k < j; ++k) {
                 NBTBase nbtbase = NBTBase.createTag(this.type);
+                nbtreadlimiter.a(8); // PaperSpigot - backport security fix
 
                 nbtbase.load(datainput, i + 1, nbtreadlimiter);
                 this.list.add(nbtbase);
diff --git a/src/main/java/net/minecraft/server/PacketDataSerializer.java b/src/main/java/net/minecraft/server/PacketDataSerializer.java
index 451f5fdae..73d59e411 100644
--- a/src/main/java/net/minecraft/server/PacketDataSerializer.java
+++ b/src/main/java/net/minecraft/server/PacketDataSerializer.java
@@ -150,7 +150,7 @@ public class PacketDataSerializer extends ByteBuf {
                 return null;
             }
             readerIndex(index);
-            return NBTCompressedStreamTools.a( new DataInputStream( new ByteBufInputStream( a ) ) );
+            return NBTCompressedStreamTools.a( new ByteBufInputStream( a ), new NBTReadLimiter( 2097152L ) ); // PaperSpigot - backport security fix
         }
     }
     // Spigot end
diff --git a/src/main/java/org/spigotmc/LimitStream.java b/src/main/java/org/spigotmc/LimitStream.java
index dcc0548de..1804518c9 100644
--- a/src/main/java/org/spigotmc/LimitStream.java
+++ b/src/main/java/org/spigotmc/LimitStream.java
@@ -19,21 +19,21 @@ public class LimitStream extends FilterInputStream
     @Override
     public int read() throws IOException
     {
-        limit.a( 1 );
+        limit.a( 8 ); // PaperSpigot - backport security fix
         return super.read();
     }
 
     @Override
     public int read(byte[] b) throws IOException
     {
-        limit.a( b.length );
+        limit.a( b.length * 8 ); // PaperSpigot - backport security fix
         return super.read( b );
     }
 
     @Override
     public int read(byte[] b, int off, int len) throws IOException
     {
-        limit.a( len );
+        limit.a( len * 8 ); // PaperSpigot - backport security fix
         return super.read( b, off, len );
     }
 }
-- 
2.13.3