
Increase limit of serialized long strings

kwolekr 2015-07-14 03:22:16 -04:00
parent 5006ce8260
commit 515e7028ac
2 changed files with 10 additions and 4 deletions


@ -126,6 +126,10 @@ std::wstring deSerializeWideString(std::istream &is)
std::string serializeLongString(const std::string &plain) std::string serializeLongString(const std::string &plain)
{ {
char buf[4]; char buf[4];
if (plain.size() > LONG_STRING_MAX)
throw SerializationError("String too long for serializeLongString");
writeU32((u8*)&buf[0], plain.size()); writeU32((u8*)&buf[0], plain.size());
std::string s; std::string s;
s.append(buf, 4); s.append(buf, 4);
@ -147,8 +151,10 @@ std::string deSerializeLongString(std::istream &is)
return s; return s;
// We don't really want a remote attacker to force us to allocate 4GB... // We don't really want a remote attacker to force us to allocate 4GB...
if (s_size > LONG_STRING_MAX) if (s_size > LONG_STRING_MAX) {
throw SerializationError("deSerializeLongString: string too long"); throw SerializationError("deSerializeLongString: "
"string too long: " + itos(s_size) + " bytes");
}
Buffer<char> buf2(s_size); Buffer<char> buf2(s_size);
is.read(&buf2[0], s_size); is.read(&buf2[0], s_size);
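Review bot: In the deSerializeLongString hunk, `Buffer<char> buf2(s_size)` is still sized from the length prefix before any payload byte has been read, so with the cap raised to 64 MB in this commit a peer that sends only the 4-byte header can make each message cost a 64 MB allocation. The function body continues below the hunk, so it is not visible whether the result of `is.read` is verified. If it is not, add `if (is.gcount() != static_cast<std::streamsize>(s_size)) throw SerializationError("deSerializeLongString: couldn't read all chars");` directly after the read, so a truncated stream is rejected instead of being treated as a complete string. Reading in bounded chunks and growing the result as data arrives would tie memory use to the bytes actually received rather than to the claimed length.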


@ -426,8 +426,8 @@ inline video::SColor readARGB8(std::istream &is)
More serialization stuff More serialization stuff
*/ */
// 8 MB is a conservative limit. Increase later if problematic. // 64 MB ought to be enough for anybody - Billy G.
#define LONG_STRING_MAX (8 * 1024 * 1024) #define LONG_STRING_MAX (64 * 1024 * 1024)
// Creates a string with the length as the first two bytes // Creates a string with the length as the first two bytes
std::string serializeString(const std::string &plain); std::string serializeString(const std::string &plain);
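Review bot: The new comment above `LONG_STRING_MAX` no longer says what the limit is for, while the line it replaces at least recorded that the value was a deliberate, conservative choice. According to the comment inside deSerializeLongString, this constant bounds how much memory a remote sender can make the reader allocate, and with this commit serializeLongString also refuses anything larger. I would state that at the definition, for example `// Max payload of a long string (64 MB). Bounds the allocation deSerializeLongString makes from a remote length prefix; serializeLongString rejects larger input.` That way the next person who raises the value sees the memory-exhaustion trade-off next to the number.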