search

pmmp / PocketMine-MP

A server software for Minecraft: Bedrock Edition in PHP
https://pmmp.io
GNU Lesser General Public License v3.0
3.25k stars 1.53k forks source link

Books has no limits #3459

Closed UnknownOre closed 1 year ago

UnknownOre commented 4 years ago

Issue description

There no checks for book Limit chars per page and pages limit, that might lead to a lot of issues one of them is reaching the limit of bytes in a chunk "Chunk data is too big" on pm3 (not sure about 4.x.x)

Disclaimer this Bug/exploit wasn't discovered by me, @DenielWorld told me about this exploit.

Steps to reproduce the issue

  1. Write a book with magic (hacks)

OS and versions

Crashdump, backtrace or other files

dktapps commented 4 years ago

This is a flaw of Region-based chunk formats. Not much can be done to address it. Limiting the amount of text in books doesn't help because you can just create lots of books instead.

dktapps commented 1 year ago

Validation, length checks and page count checks were added by 3ed57ce49a6b5ea49ced6d9622af04cf35120d79.

Since region-based world formats are no longer used in PM4 and up, I think this issue can be considered resolved.