Cuberite Forum
Security issue in Java based server - Printable Version



RE: Security issue in Java based server - tigerw - 04-19-2015

(04-18-2015, 11:11 PM)Jammet Wrote: Sadly, I know nothing John Snow, er I mean, of how to work it. Hope you all on the team find it's not too much hassle.

References.


RE: Security issue in Java based server - xoft - 04-19-2015

Recursion depth alone won't prevent this attack - it has a maximum depth of 6, which is a perfectly reasonable NBT depth. And again, what maximum size to choose for the uncompressed packets?


RE: Security issue in Java based server - worktycho - 04-19-2015

Well, since we limit packet size to 32 KiB, I suggest 512 KiB as a limit. Most non-pathological structured data has a less than 10:1 compression ratio, so having a limit of 16 times compressed size seems reasonable. Limiting this in the NBT parser could be as simple as limiting the size of cFastNBT::m_Tags to a sensible value. Can I suggest 1,000?

Recursion depth for NBT was more of a general issue as if you can jump the guard page it allows the attacker to write arbitrary data to memory.
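
The tag budget and depth cap discussed in the posts above, as an added example that is not part of the thread and is not Cuberite's cFastNBT code. `NbtScan`, `nbt_within_limits` and the depth value of 16 are assumptions; the 1,000-tag budget is the figure suggested above.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added example, not Cuberite code: NbtScan and nbt_within_limits are hypothetical names.
constexpr size_t MAX_TAGS = 1000;  // tag budget suggested in the post above
constexpr int MAX_DEPTH = 16;      // assumed nesting cap; the thread names no value

struct NbtScan {
    const uint8_t* p; size_t n, pos, tags;
    // Skip k bytes, failing if the buffer is shorter than a length field claims.
    bool take(size_t k) { if (k > n - pos) return false; pos += k; return true; }
    // Read a big-endian unsigned integer of 1, 2 or 4 bytes.
    bool u(size_t bytes, uint32_t& v) {
        if (bytes > n - pos) return false;
        v = 0;
        for (size_t i = 0; i < bytes; i++) v = (v << 8) | p[pos++];
        return true;
    }
    // Walk one payload, charging every tag and list element against the budget.
    bool payload(uint32_t type, int depth) {
        static const size_t fixed[] = {0, 1, 2, 4, 8, 4, 8};  // Byte..Double sizes
        uint32_t len, elem, name;
        if (++tags > MAX_TAGS || depth > MAX_DEPTH) return false;
        if (type >= 1 && type <= 6) return take(fixed[type]);
        switch (type) {
            case 7: return u(4, len) && take(len);                   // ByteArray
            case 8: return u(2, len) && take(len);                   // String
            case 11:                                                 // IntArray
                return u(4, len) && len <= (n - pos) / 4 && take(size_t(len) * 4);
            case 9:                                                  // List
                if (!u(1, elem) || !u(4, len)) return false;
                for (uint32_t i = 0; i < len; i++)
                    if (!payload(elem, depth + 1)) return false;
                return true;
            case 10:                                                 // Compound
                for (;;) {
                    if (!u(1, elem)) return false;
                    if (elem == 0) return true;                      // TAG_End
                    if (!u(2, name) || !take(name) || !payload(elem, depth + 1)) return false;
                }
            default: return false;                                   // unknown tag type
        }
    }
};

// True only if buf starts with one well-formed root compound within both limits.
bool nbt_within_limits(const std::vector<uint8_t>& buf) {
    NbtScan s{buf.data(), buf.size(), 0, 0};
    uint32_t type, name;
    return s.u(1, type) && type == 10 && s.u(2, name) && s.take(name) && s.payload(10, 0);
}
```

Because every list element is charged against the same budget, a shallow but wide structure is rejected after 1,000 tags regardless of its nesting depth, which is the case a depth limit alone does not cover.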