From 6815808d327fa8d1a742099a4206d69ba7423764 Mon Sep 17 00:00:00 2001 From: Nassim Jahnke Date: Fri, 31 Jan 2025 19:11:34 +0100 Subject: [PATCH] Improve fml mod list parsing --- api/src/main/java/com/velocitypowered/api/util/ModInfo.java | 2 ++ .../proxy/connection/forge/legacy/LegacyForgeUtil.java | 1 + 2 files changed, 3 insertions(+) diff --git a/api/src/main/java/com/velocitypowered/api/util/ModInfo.java b/api/src/main/java/com/velocitypowered/api/util/ModInfo.java index 8a51f3221..6c65782fd 100644 --- a/api/src/main/java/com/velocitypowered/api/util/ModInfo.java +++ b/api/src/main/java/com/velocitypowered/api/util/ModInfo.java @@ -79,6 +79,8 @@ public final class ModInfo { public Mod(String id, String version) { this.id = Preconditions.checkNotNull(id, "id"); this.version = Preconditions.checkNotNull(version, "version"); + Preconditions.checkArgument(id.length() < 128, "mod id is too long"); + Preconditions.checkArgument(version.length() < 128, "mod version is too long"); } public String getId() { diff --git a/proxy/src/main/java/com/velocitypowered/proxy/connection/forge/legacy/LegacyForgeUtil.java b/proxy/src/main/java/com/velocitypowered/proxy/connection/forge/legacy/LegacyForgeUtil.java index 1d0661176..854a52d74 100644 --- a/proxy/src/main/java/com/velocitypowered/proxy/connection/forge/legacy/LegacyForgeUtil.java +++ b/proxy/src/main/java/com/velocitypowered/proxy/connection/forge/legacy/LegacyForgeUtil.java @@ -64,6 +64,7 @@ class LegacyForgeUtil { if (discriminator == MOD_LIST_DISCRIMINATOR) { ImmutableList.Builder mods = ImmutableList.builder(); int modCount = ProtocolUtils.readVarInt(contents); + Preconditions.checkArgument(modCount < 1024, "Oversized mods list"); for (int index = 0; index < modCount; index++) { String id = ProtocolUtils.readString(contents);