Also check for the actual character length in ResourceLocation validation

This commit is contained in:
Nassim Jahnke 2024-01-12 23:08:19 +01:00
parent a0ffb57745
commit 8c8862f3a8
No known key found for this signature in database
GPG key ID: EF6771C01F6EF02F
2 changed files with 20 additions and 14 deletions

View file

@ -5,36 +5,36 @@ Subject: [PATCH] Return null for empty String in NamespacedKey.fromString
diff --git a/src/main/java/org/bukkit/NamespacedKey.java b/src/main/java/org/bukkit/NamespacedKey.java
index 8ac72cb0b05e2c493d98310f2e87c3714d15c5e3..95bc1078e35a92624b6627e78ed80080832d1b57 100644
index 8ac72cb0b05e2c493d98310f2e87c3714d15c5e3..97cf6b6acdd71740b75658f14ca5cabbacb108d4 100644
--- a/src/main/java/org/bukkit/NamespacedKey.java
+++ b/src/main/java/org/bukkit/NamespacedKey.java
@@ -89,8 +89,6 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
this.namespace = namespace;
@@ -90,7 +90,7 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
this.key = key;
- String string = toString();
String string = toString();
- Preconditions.checkArgument(string.length() < 256, "NamespacedKey must be less than 256 characters", string);
+ Preconditions.checkArgument(string.length() <= Short.MAX_VALUE, "NamespacedKey must be less than 32768 characters", string); // Paper - Fix improper length validation
}
/**
@@ -116,8 +114,6 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
Preconditions.checkArgument(isValidNamespace(this.namespace), "Invalid namespace. Must be [a-z0-9._-]: %s", this.namespace);
@@ -117,7 +117,7 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
Preconditions.checkArgument(isValidKey(this.key), "Invalid key. Must be [a-z0-9/._-]: %s", this.key);
- String string = toString();
String string = toString();
- Preconditions.checkArgument(string.length() < 256, "NamespacedKey must be less than 256 characters (%s)", string);
+ Preconditions.checkArgument(string.length() <= Short.MAX_VALUE, "NamespacedKey must be less than 32768 characters", string); // Paper - Fix improper length validation
}
@NotNull
@@ -206,7 +202,10 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
@@ -206,7 +206,10 @@ public final class NamespacedKey implements net.kyori.adventure.key.Key, com.des
*/
@Nullable
public static NamespacedKey fromString(@NotNull String string, @Nullable Plugin defaultNamespace) {
- Preconditions.checkArgument(string != null && !string.isEmpty(), "Input string must not be empty or null");
+ // Paper - Return null for empty string
+ // Paper - Return null for empty string, check length
+ Preconditions.checkArgument(string != null, "Input string must not be null");
+ if (string.isEmpty()) return null;
+ // Paper end - Return null for empty string
+ if (string.isEmpty() || string.length() > Short.MAX_VALUE) return null;
+ // Paper end - Return null for empty string, check length
String[] components = string.split(":", 3);
if (components.length > 2) {

View file

@ -22,14 +22,20 @@ index 18fad4f083862ace2bc56579883f548f6d697091..80083fed4b44b9d433925f09db83e559
return Blocks.AIR.defaultBlockState();
} else {
diff --git a/src/main/java/net/minecraft/resources/ResourceLocation.java b/src/main/java/net/minecraft/resources/ResourceLocation.java
index 38e2a8cec48bc779b8154d6d719031f457a2403e..9024622a41fdc774713481973c1419a8d18cce93 100644
index 38e2a8cec48bc779b8154d6d719031f457a2403e..4379090b74d156b62b88163a234c22e78454f5e4 100644
--- a/src/main/java/net/minecraft/resources/ResourceLocation.java
+++ b/src/main/java/net/minecraft/resources/ResourceLocation.java
@@ -31,6 +31,7 @@ public class ResourceLocation implements Comparable<ResourceLocation> {
@@ -31,6 +31,13 @@ public class ResourceLocation implements Comparable<ResourceLocation> {
private final String path;
protected ResourceLocation(String namespace, String path, @Nullable ResourceLocation.Dummy extraData) {
+ if (io.netty.buffer.ByteBufUtil.utf8MaxBytes(namespace + ":" + path) > 2 * Short.MAX_VALUE + 1) throw new ResourceLocationException("Resource location too long: " + namespace + ":" + path); // Paper - Validate ResourceLocation
+ // Paper start - Validate ResourceLocation
+ // Check for the max network string length (capped at Short.MAX_VALUE) as well as the max bytes of a StringTag (length written as an unsigned short)
+ final String resourceLocation = namespace + ":" + path;
+ if (resourceLocation.length() > Short.MAX_VALUE || io.netty.buffer.ByteBufUtil.utf8MaxBytes(resourceLocation) > 2 * Short.MAX_VALUE + 1) {
+ throw new ResourceLocationException("Resource location too long: " + resourceLocation);
+ }
+ // Paper end - Validate ResourceLocation
this.namespace = namespace;
this.path = path;
}