Player: fixed chat newlines denial-of-service vulnerability

irresponsibly reported in #4974 closes #4974
pmmp · Apr 20, 2022 · df33e17 · df33e17
1 parent 624a7df
commit df33e17
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/player/Player.php b/src/player/Player.php
@@ -1377,8 +1377,14 @@ public function canInteract(Vector3 $pos, float $maxDistance, float $maxDiff = M
 	public function chat(string $message) : bool{
 		$this->removeCurrentWindow();
 
+		//Fast length check, to make sure we don't get hung trying to explode MBs of string ...
+		$maxTotalLength = $this->messageCounter * (self::MAX_CHAT_BYTE_LENGTH + 1);
+		if(strlen($message) > $maxTotalLength){
+			return false;
+		}
+
 		$message = TextFormat::clean($message, false);
-		foreach(explode("\n", $message) as $messagePart){
+		foreach(explode("\n", $message, $this->messageCounter + 1) as $messagePart){
 			if(trim($messagePart) !== "" && strlen($messagePart) <= self::MAX_CHAT_BYTE_LENGTH && mb_strlen($messagePart, 'UTF-8') <= self::MAX_CHAT_CHAR_LENGTH && $this->messageCounter-- > 0){
 				if(strpos($messagePart, './') === 0){
 					$messagePart = substr($messagePart, 1);