From e7b05beb7d90b4ea53ef13da86ff8b8ccde1193b Mon Sep 17 00:00:00 2001
From: sfan5 <sfan5@live.de>
Date: Thu, 19 Aug 2021 20:14:22 +0200
Subject: Validate staticdata and object property length limits (#11511)

Some games provide users with enough freedom to create items
with metadata longer than 64KB, preventing this from causing
issues is on them but we'll still do the minimum not to abort
the server if this happens.
---
 src/staticobject.cpp | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'src/staticobject.cpp')

diff --git a/src/staticobject.cpp b/src/staticobject.cpp
index 86e455b9f..1160ec68f 100644
--- a/src/staticobject.cpp
+++ b/src/staticobject.cpp
@@ -37,6 +37,7 @@ void StaticObject::serialize(std::ostream &os)
 	// data
 	os<<serializeString16(data);
 }
+
 void StaticObject::deSerialize(std::istream &is, u8 version)
 {
 	// type
@@ -49,6 +50,29 @@ void StaticObject::deSerialize(std::istream &is, u8 version)
 
 void StaticObjectList::serialize(std::ostream &os)
 {
+	// Check for problems first
+	auto problematic = [] (StaticObject &obj) -> bool {
+		if (obj.data.size() > U16_MAX) {
+			errorstream << "StaticObjectList::serialize(): "
+				"object has excessive static data (" << obj.data.size() <<
+				"), deleting it." << std::endl;
+			return true;
+		}
+		return false;
+	};
+	for (auto it = m_stored.begin(); it != m_stored.end(); ) {
+		if (problematic(*it))
+			it = m_stored.erase(it);
+		else
+			it++;
+	}
+	for (auto it = m_active.begin(); it != m_active.end(); ) {
+		if (problematic(it->second))
+			it = m_active.erase(it);
+		else
+			it++;
+	}
+
 	// version
 	u8 version = 0;
 	writeU8(os, version);
-- 
cgit v1.2.3