mirror of
https://github.com/minetest/minetest.git
synced 2025-01-12 16:27:30 +01:00
Increase limit of serialized long strings
This commit is contained in:
parent
5006ce8260
commit
515e7028ac
@ -126,6 +126,10 @@ std::wstring deSerializeWideString(std::istream &is)
|
|||||||
std::string serializeLongString(const std::string &plain)
|
std::string serializeLongString(const std::string &plain)
|
||||||
{
|
{
|
||||||
char buf[4];
|
char buf[4];
|
||||||
|
|
||||||
|
if (plain.size() > LONG_STRING_MAX)
|
||||||
|
throw SerializationError("String too long for serializeLongString");
|
||||||
|
|
||||||
writeU32((u8*)&buf[0], plain.size());
|
writeU32((u8*)&buf[0], plain.size());
|
||||||
std::string s;
|
std::string s;
|
||||||
s.append(buf, 4);
|
s.append(buf, 4);
|
||||||
@ -147,8 +151,10 @@ std::string deSerializeLongString(std::istream &is)
|
|||||||
return s;
|
return s;
|
||||||
|
|
||||||
// We don't really want a remote attacker to force us to allocate 4GB...
|
// We don't really want a remote attacker to force us to allocate 4GB...
|
||||||
if (s_size > LONG_STRING_MAX)
|
if (s_size > LONG_STRING_MAX) {
|
||||||
throw SerializationError("deSerializeLongString: string too long");
|
throw SerializationError("deSerializeLongString: "
|
||||||
|
"string too long: " + itos(s_size) + " bytes");
|
||||||
|
}
|
||||||
|
|
||||||
Buffer<char> buf2(s_size);
|
Buffer<char> buf2(s_size);
|
||||||
is.read(&buf2[0], s_size);
|
is.read(&buf2[0], s_size);
|
||||||
|
@ -426,8 +426,8 @@ inline video::SColor readARGB8(std::istream &is)
|
|||||||
More serialization stuff
|
More serialization stuff
|
||||||
*/
|
*/
|
||||||
|
|
||||||
// 8 MB is a conservative limit. Increase later if problematic.
|
// 64 MB ought to be enough for anybody - Billy G.
|
||||||
#define LONG_STRING_MAX (8 * 1024 * 1024)
|
#define LONG_STRING_MAX (64 * 1024 * 1024)
|
||||||
|
|
||||||
// Creates a string with the length as the first two bytes
|
// Creates a string with the length as the first two bytes
|
||||||
std::string serializeString(const std::string &plain);
|
std::string serializeString(const std::string &plain);
|
||||||
|
Loading…
Reference in New Issue
Block a user