mirror of
https://github.com/GravitLauncher/Launcher
synced 2024-12-23 00:51:01 +03:00
Фикс уязвимости, позволяющей положить лаунчсервер запросами с невалидной длинной
This commit is contained in:
parent
82ee2e43c3
commit
fe9551636e
2 changed files with 4 additions and 1 deletions
|
@ -5,6 +5,7 @@
|
|||
|
||||
import ru.gravit.launcher.serialize.HInput;
|
||||
import ru.gravit.launcher.serialize.HOutput;
|
||||
import ru.gravit.launcher.serialize.SerializeLimits;
|
||||
import ru.gravit.launcher.serialize.signed.DigestBytesHolder;
|
||||
import ru.gravit.launchserver.LaunchServer;
|
||||
import ru.gravit.launchserver.response.Response;
|
||||
|
@ -25,7 +26,7 @@ public void reply() throws IOException {
|
|||
return;
|
||||
}
|
||||
Client client = server.sessionManager.getOrNewClient(session);
|
||||
byte[] digest = input.readByteArray(0);
|
||||
byte[] digest = input.readByteArray(SerializeLimits.MAX_DIGEST);
|
||||
if (!Arrays.equals(bytes.getDigest(), digest)) {
|
||||
writeNoError(output);
|
||||
output.writeBoolean(true);
|
||||
|
|
|
@ -15,4 +15,6 @@ public class SerializeLimits {
|
|||
public static final int MAX_BATCH_SIZE = 128;
|
||||
@LauncherAPI
|
||||
public static final byte EXPECTED_BYTE = 0b01010101;
|
||||
@LauncherAPI
|
||||
public static final int MAX_DIGEST = 512;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue