spawnrys/MinecraftConsoles
1
0
Fork 0
mirror of https://github.com/smartcmd/MinecraftConsoles.git synced 2026-03-23 04:18:13 +05:00
Code Issues Packages Projects Releases 1 Wiki Activity

LCEMP RCE fixes

Browse Source 
Based on commit d017bfc30a68888bf5c79b23cf5c4f607cf828bf
This commit is contained in:
Loki Rautio
2026-03-09 04:45:14 -05:00
parent 0c4f459904
commit d557ca2dfb
27 changed files with 222 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
Minecraft.World/Packet.cpp
View File

@@ -267,8 +267,12 @@ void Packet::updatePacketStatsPIX()
shared_ptr<Packet> Packet::getPacket(int id)
{
// 4J: Removed try/catch
return idToCreateMap[id]();
auto it = idToCreateMap.find(id);
if (it == idToCreateMap.end())
{
return nullptr;
}
return it->second();
}
void Packet::writeBytes(DataOutputStream *dataoutputstream, byteArray bytes)
@@ -334,30 +338,11 @@ shared_ptr<Packet> Packet::readPacket(DataInputStream *dis, bool isServer) // th
if ((isServer && serverReceivedPackets.find(id) == serverReceivedPackets.end()) || (!isServer && clientReceivedPackets.find(id) == clientReceivedPackets.end()))
{
app.DebugPrintf("*** BAD PACKET ID %d (0x%02X) isServer=%d totalPacketsRead=%d\n", id, id, isServer ? 1 : 0, s_packetCount);
app.DebugPrintf("*** Last %d good packet IDs (oldest first): ", 8);
for (int dbg = 0; dbg < 8; dbg++)
{
int idx = (s_lastIdPos + dbg) % 8;
app.DebugPrintf("%d ", s_lastIds[idx]);
}
app.DebugPrintf("\n");
// Dump the next 32 bytes from the stream to see what follows
app.DebugPrintf("*** Next bytes in stream: ");
for (int dbg = 0; dbg < 32; dbg++)
{
int b = dis->read();
if (b == -1) { app.DebugPrintf("[EOS] "); break; }
app.DebugPrintf("%02X ", b);
}
app.DebugPrintf("\n");
__debugbreak();
assert(false);
// throw new IOException(wstring(L"Bad packet id ") + std::to_wstring(id));
return nullptr;
}
packet = getPacket(id);
if (packet == nullptr) assert(false);//throw new IOException(wstring(L"Bad packet id ") + std::to_wstring(id));
if (packet == nullptr) return nullptr;//throw new IOException(wstring(L"Bad packet id ") + std::to_wstring(id));
s_lastIds[s_lastIdPos] = id;
s_lastIdPos = (s_lastIdPos + 1) % 8;
@@ -418,11 +403,9 @@ wstring Packet::readUtf(DataInputStream *dis, int maxLength) // throws IOExcepti
{
short stringLength = dis->readShort();
if (stringLength > maxLength)
if (stringLength > maxLength || stringLength <= 0)
{
wstringstream stream;
stream << L"Received string length longer than maximum allowed (" << stringLength << " > " << maxLength << ")";
assert(false);
return L"";
// throw new IOException( stream.str() );
}
if (stringLength < 0)
@@ -531,7 +514,7 @@ shared_ptr<ItemInstance> Packet::readItem(DataInputStream *dis)
{
shared_ptr<ItemInstance> item = nullptr;
int id = dis->readShort();
if (id >= 0)
if (id >= 0 && id < 32000) // todo: should turn Item::ITEM_NUM_COUNT into a global define
{
int count = dis->readByte();
int damage = dis->readShort();
@@ -569,9 +552,16 @@ void Packet::writeItem(shared_ptr<ItemInstance> item, DataOutputStream *dos)
CompoundTag *Packet::readNbt(DataInputStream *dis)
{
int size = dis->readShort();
if (size < 0) return nullptr;
if (size <= 0) return nullptr;
const int MAX_NBT_SIZE = 32767;
if (size > MAX_NBT_SIZE) return nullptr;
byteArray buff(size);
dis->readFully(buff);
if (!dis->readFully(buff))
{
delete [] buff.data;
return nullptr;
}
CompoundTag *result = (CompoundTag *) NbtIo::decompress(buff);
delete [] buff.data;
return result;