File tree 2 files changed +10
-4
lines changed
2 files changed +10
-4
lines changed Original file line number Diff line number Diff line change @@ -126,6 +126,10 @@ std::wstring deSerializeWideString(std::istream &is)
126126std::string serializeLongString (const std::string &plain)
127127{
128128 char buf[4 ];
129+
130+ if (plain.size () > LONG_STRING_MAX)
131+ throw SerializationError (" String too long for serializeLongString"
132+
129133 writeU32 ((u8*)&buf[0 ], plain.size ());
130134 std::string s;
131135 s.append (buf, 4 );
@@ -147,8 +151,10 @@ std::string deSerializeLongString(std::istream &is)
147151 return s;
148152
149153 // We don't really want a remote attacker to force us to allocate 4GB...
150- if (s_size > LONG_STRING_MAX)
151- throw SerializationError (" deSerializeLongString: string too long"
154+ if (s_size > LONG_STRING_MAX) {
155+ throw SerializationError (" deSerializeLongString: "
156+ " string too long: " itos (s_size) + " bytes"
157+ }
152158
153159 Buffer<char > buf2 (s_size);
154160 is.read (&buf2[0 ], s_size);
Original file line number Diff line number Diff line change @@ -426,8 +426,8 @@ inline video::SColor readARGB8(std::istream &is)
426426 More serialization stuff
427427*/
428428
429- // 8 MB is a conservative limit. Increase later if problematic .
430- #define LONG_STRING_MAX (8 * 1024 * 1024 )
429+ // 64 MB ought to be enough for anybody - Billy G .
430+ #define LONG_STRING_MAX (64 * 1024 * 1024 )
431431
432432// Creates a string with the length as the first two bytes
433433std::string serializeString (const std::string &plain);
You can’t perform that action at this time.
0 commit comments