diff options
author | Alexander Harkness <me@bearbin.net> | 2021-12-10 21:22:53 +0100 |
---|---|---|
committer | Alexander Harkness <me@bearbin.net> | 2021-12-11 00:00:37 +0100 |
commit | 0f8a8de77c0ea20060a927ef49af20af5345a138 (patch) | |
tree | 8ac41663a2d84f6ac151979f775a3fd542ca4775 /src | |
parent | ItemHandler initialisation is a constant expression (#5344) (diff) | |
download | cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar.gz cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar.bz2 cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar.lz cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar.xz cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.tar.zst cuberite-0f8a8de77c0ea20060a927ef49af20af5345a138.zip |
Diffstat (limited to '')
-rw-r--r-- | src/Protocol/Protocol_1_8.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/Protocol/Protocol_1_8.cpp b/src/Protocol/Protocol_1_8.cpp index 5bf25f347..85765c406 100644 --- a/src/Protocol/Protocol_1_8.cpp +++ b/src/Protocol/Protocol_1_8.cpp @@ -365,6 +365,12 @@ void cProtocol_1_8_0::SendChatRaw(const AString & a_MessageRaw, eChatType a_Type { ASSERT(m_State == 3); // In game mode? + // Prevent chat messages that might trigger CVE-2021-44228 + if (a_MessageRaw.find("${jndi") != std::string::npos) + { + return; + } + // Send the json string to the client: cPacketizer Pkt(*this, pktChatRaw); Pkt.WriteString(a_MessageRaw); |