clonejo / mc-erl

mc-erl is a server for Minecraft 1.4.7 written in Erlang.
GNU General Public License v3.0

Invalid Strings are Passed to Clients #7

Closed ddevault closed 12 years ago

ddevault commented 12 years ago

Strings with a length > 119, or with a character not accepted by vanilla Minecraft, will be passed along to each connected client in chat update (0x03) packets. This will crash any connected vanilla client when a malicious client sends a loaded string.

clonejo commented 12 years ago

Isn't the maximum string length the client can handle 119?

http://wiki.vg/Protocol#Chat_Message_.280x03.29

ddevault commented 12 years ago

Yes.

clonejo commented 12 years ago

Chat should be filtered using this list of allowed characters: http://wiki.vg/Chat

clonejo commented 12 years ago

done.
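The check discussed in this thread, sketched as an added example (not mc-erl's own code): a server-side validator that rejects a chat message before it is relayed in a 0x03 packet if it is longer than 119 characters or contains a character outside an allowed set. The module and function names are hypothetical, and the allowed set used in `demo/0` is constructed for illustration; a real server would load the list the thread links to.

```erlang
-module(chat_filter).
-export([validate/2, demo/0]).

%% Maximum chat string length the client handles, per the issue above.
-define(MAX_CHAT_LEN, 119).

%% validate(Message, Allowed) -> {ok, Message} | {error, Reason}
%%   Message: list of Unicode code points decoded from the client's packet.
%%   Allowed: ordset of permitted code points (assumption: supplied by the
%%            caller from the server's allowed-character list).
%% Call this before broadcasting; on {error, _} drop the message (and
%% optionally kick the sender) instead of forwarding it to other clients.
validate(Message, Allowed) when is_list(Message) ->
    case length(Message) of
        N when N > ?MAX_CHAT_LEN ->
            {error, {too_long, N}};
        _ ->
            %% Collect every code point that is not in the allowed set.
            case [C || C <- Message, not ordsets:is_element(C, Allowed)] of
                []  -> {ok, Message};
                Bad -> {error, {bad_chars, lists:usort(Bad)}}
            end
    end;
validate(_, _) ->
    {error, not_a_string}.

%% Self-check on constructed inputs. The pattern matches crash if a
%% result differs from what is expected.
demo() ->
    %% Constructed allowed set for this demo only: printable ASCII.
    Allowed = ordsets:from_list(lists:seq(32, 126)),
    {ok, "hello"} = validate("hello", Allowed),
    %% Exactly 119 characters is accepted, 120 is rejected.
    {ok, _} = validate(lists:duplicate(119, $a), Allowed),
    {error, {too_long, 120}} = validate(lists:duplicate(120, $a), Allowed),
    %% A NUL code point is outside the demo set and is reported.
    {error, {bad_chars, [0]}} = validate([$h, 0, $i], Allowed),
    {error, not_a_string} = validate(<<"binary">>, Allowed),
    ok.
```

Rejecting the whole message rather than stripping the offending characters keeps the relay path simple: nothing that failed validation is ever re-encoded and sent to other clients.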