Merge PR #3586: Murmur: fix Denial of Service vulnerability in msgCha…

…nnelState()
mumble-voip · Jan 25, 2019 · 15f268c · 15f268c
2 parents e31d267 + 3edc46f
commit 15f268c
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/murmur/Messages.cpp b/src/murmur/Messages.cpp
@@ -1062,6 +1062,13 @@ void Server::msgChannelState(ServerUser *uSource, MumbleProto::ChannelState &msg
 			}
 		}
 
+		if (msg.has_max_users()) {
+			if (! hasPermission(uSource, c, ChanACL::Write)) {
+				PERM_DENIED(uSource, c, ChanACL::Write);
+				return;
+			}
+		}
+
 		// All permission checks done -- the update is good.
 
 		if (p) {