From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Aikar Date: Fri, 16 Nov 2018 23:08:50 -0500 Subject: [PATCH] Book Size Limits Puts some limits on the size of books. diff --git a/src/main/java/com/destroystokyo/paper/PaperConfig.java b/src/main/java/com/destroystokyo/paper/PaperConfig.java index 1697687405392198d2df653220465671675362c2..e8bade581ed391b25c592dbafb3fb3ccf72be616 100644 --- a/src/main/java/com/destroystokyo/paper/PaperConfig.java +++ b/src/main/java/com/destroystokyo/paper/PaperConfig.java @@ -334,4 +334,11 @@ public class PaperConfig { velocitySecretKey = secret.getBytes(StandardCharsets.UTF_8); } } + + public static int maxBookPageSize = 2560; + public static double maxBookTotalSizeMultiplier = 0.98D; + private static void maxBookSize() { + maxBookPageSize = getInt("settings.book-size.page-max", maxBookPageSize); + maxBookTotalSizeMultiplier = getDouble("settings.book-size.total-multiplier", maxBookTotalSizeMultiplier); + } } diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java index 32856a1e19bf31a7650bf9a4e662d5a49c3248d2..2e3a4f2630ce6601772f05a186e5f4a3541640b9 100644 --- a/src/main/java/net/minecraft/server/PlayerConnection.java +++ b/src/main/java/net/minecraft/server/PlayerConnection.java @@ -20,6 +20,7 @@ import java.util.function.Consumer; import java.util.stream.Collectors; import java.util.stream.Stream; import javax.annotation.Nullable; +import org.apache.commons.lang3.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -854,6 +855,52 @@ public class PlayerConnection implements PacketListenerPlayIn { @Override public void a(PacketPlayInBEdit packetplayinbedit) { + // Paper start + ItemStack testStack = packetplayinbedit.getBook(); + if (!server.isPrimaryThread() && !testStack.isEmpty() && testStack.getTag() != null) { + NBTTagList pageList = testStack.getTag().getList("pages", 8); + if (pageList.size() > 100) { + PlayerConnection.LOGGER.warn(this.player.getName() + " tried to send a book with too many pages"); + minecraftServer.scheduleOnMain(() -> this.disconnect("Book too large!")); + return; + } + long byteTotal = 0; + int maxBookPageSize = com.destroystokyo.paper.PaperConfig.maxBookPageSize; + double multiplier = Math.max(0.3D, Math.min(1D, com.destroystokyo.paper.PaperConfig.maxBookTotalSizeMultiplier)); + long byteAllowed = maxBookPageSize; + for (int i = 0; i < pageList.size(); ++i) { + String testString = pageList.getString(i); + int byteLength = testString.getBytes(java.nio.charset.StandardCharsets.UTF_8).length; + if (byteLength > 256 * 4) { + PlayerConnection.LOGGER.warn(this.player.getName() + " tried to send a book with with a page too large!"); + minecraftServer.scheduleOnMain(() -> this.disconnect("Book too large!")); + return; + } + byteTotal += byteLength; + int length = testString.length(); + int multibytes = 0; + if (byteLength != length) { + for (char c : testString.toCharArray()) { + if (c > 127) { + multibytes++; + } + } + } + byteAllowed += (maxBookPageSize * Math.min(1, Math.max(0.1D, (double) length / 255D))) * multiplier; + + if (multibytes > 1) { + // penalize MB + byteAllowed -= multibytes; + } + } + + if (byteTotal > byteAllowed) { + PlayerConnection.LOGGER.warn(this.player.getName() + " tried to send too large of a book. Book Size: " + byteTotal + " - Allowed: "+ byteAllowed + " - Pages: " + pageList.size()); + minecraftServer.scheduleOnMain(() -> this.disconnect("Book too large!")); + return; + } + } + // Paper end // CraftBukkit start if (this.lastBookTick + 20 > MinecraftServer.currentTick) { this.disconnect("Book edited too quickly!");