Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Increase limit of serialized long strings
  • Loading branch information
kwolekr committed Jul 14, 2015
1 parent 5006ce8 commit 515e702
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 4 deletions.
10 changes: 8 additions & 2 deletions src/util/serialize.cpp
Expand Up @@ -126,6 +126,10 @@ std::wstring deSerializeWideString(std::istream &is)
std::string serializeLongString(const std::string &plain)
{
char buf[4];

if (plain.size() > LONG_STRING_MAX)
throw SerializationError("String too long for serializeLongString");

writeU32((u8*)&buf[0], plain.size());
std::string s;
s.append(buf, 4);
Expand All @@ -147,8 +151,10 @@ std::string deSerializeLongString(std::istream &is)
return s;

// We don't really want a remote attacker to force us to allocate 4GB...
if (s_size > LONG_STRING_MAX)
throw SerializationError("deSerializeLongString: string too long");
if (s_size > LONG_STRING_MAX) {
throw SerializationError("deSerializeLongString: "
"string too long: " + itos(s_size) + " bytes");
}

Buffer<char> buf2(s_size);
is.read(&buf2[0], s_size);
Expand Down
4 changes: 2 additions & 2 deletions src/util/serialize.h
Expand Up @@ -426,8 +426,8 @@ inline video::SColor readARGB8(std::istream &is)
More serialization stuff
*/

// 8 MB is a conservative limit. Increase later if problematic.
#define LONG_STRING_MAX (8 * 1024 * 1024)
// 64 MB ought to be enough for anybody - Billy G.
#define LONG_STRING_MAX (64 * 1024 * 1024)

// Creates a string with the length as the first two bytes
std::string serializeString(const std::string &plain);
Expand Down

0 comments on commit 515e702

Please sign in to comment.