summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Harkness <me@bearbin.net>2021-12-10 21:22:53 +0100
committerAlexander Harkness <me@bearbin.net>2021-12-11 00:00:37 +0100
commit0f8a8de77c0ea20060a927ef49af20af5345a138 (patch)
tree8ac41663a2d84f6ac151979f775a3fd542ca4775
parentItemHandler initialisation is a constant expression (#5344) (diff)
downloadcuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar
cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar.gz
cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar.bz2
cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar.lz
cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar.xz
cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar.zst
cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.zip
-rw-r--r--src/Protocol/Protocol_1_8.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/Protocol/Protocol_1_8.cpp b/src/Protocol/Protocol_1_8.cpp
index 5bf25f347..85765c406 100644
--- a/src/Protocol/Protocol_1_8.cpp
+++ b/src/Protocol/Protocol_1_8.cpp
@@ -365,6 +365,12 @@ void cProtocol_1_8_0::SendChatRaw(const AString & a_MessageRaw, eChatType a_Type
{
ASSERT(m_State == 3); // In game mode?
+ // Prevent chat messages that might trigger CVE-2021-44228
+ if (a_MessageRaw.find("${jndi") != std::string::npos)
+ {
+ return;
+ }
+
// Send the json string to the client:
cPacketizer Pkt(*this, pktChatRaw);
Pkt.WriteString(a_MessageRaw);