Фикс уязвимости, позволяющей положить лаунчсервер запросами с невалидной длиной

Gravit 2019-01-02 18:54:17 +07:00
parent 82ee2e43c3
commit fe9551636e
No known key found for this signature in database
GPG key ID: 061981E1E85D3216
2 changed files with 4 additions and 1 deletions


@ -5,6 +5,7 @@
import ru.gravit.launcher.serialize.HInput; import ru.gravit.launcher.serialize.HInput;
import ru.gravit.launcher.serialize.HOutput; import ru.gravit.launcher.serialize.HOutput;
import ru.gravit.launcher.serialize.SerializeLimits;
import ru.gravit.launcher.serialize.signed.DigestBytesHolder; import ru.gravit.launcher.serialize.signed.DigestBytesHolder;
import ru.gravit.launchserver.LaunchServer; import ru.gravit.launchserver.LaunchServer;
import ru.gravit.launchserver.response.Response; import ru.gravit.launchserver.response.Response;
@ -25,7 +26,7 @@ public void reply() throws IOException {
return; return;
} }
Client client = server.sessionManager.getOrNewClient(session); Client client = server.sessionManager.getOrNewClient(session);
byte[] digest = input.readByteArray(0); byte[] digest = input.readByteArray(SerializeLimits.MAX_DIGEST);
if (!Arrays.equals(bytes.getDigest(), digest)) { if (!Arrays.equals(bytes.getDigest(), digest)) {
writeNoError(output); writeNoError(output);
output.writeBoolean(true); output.writeBoolean(true);
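Review bot: Only this one read is bounded: `input.readByteArray(SerializeLimits.MAX_DIGEST)` replaces the `0` argument, which going by the commit title apparently meant "no limit", and no other handler is touched by the commit. Any remaining `readByteArray(0)` or similar zero-limit length-prefixed read in the other response classes would presumably leave the same memory-exhaustion problem, so they should be audited in the same change. A comment on the line, e.g. `// bound the client-supplied length; a limit of 0 allowed an unbounded allocation`, would keep the limit from being relaxed later. `reply()` begins and ends outside the hunk, so how an over-limit length is reported (presumably an `IOException`) is not visible here; it should be logged with the peer address so that repeated attempts can be detected.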


@ -15,4 +15,6 @@ public class SerializeLimits {
public static final int MAX_BATCH_SIZE = 128; public static final int MAX_BATCH_SIZE = 128;
@LauncherAPI @LauncherAPI
public static final byte EXPECTED_BYTE = 0b01010101; public static final byte EXPECTED_BYTE = 0b01010101;
@LauncherAPI
public static final int MAX_DIGEST = 512;
} }
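Review bot: `MAX_DIGEST` is added without a comment, and the name does not say that it is a byte count or which input it bounds. I would add `// Maximum length, in bytes, of a digest read from a client; must be at least the length of the digests the server produces` above the field. 512 bytes is well above common hash outputs (SHA-512 is 64 bytes), so the value could be tightened if the digest algorithm is fixed; the algorithm is not visible in this diff.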