-
-
Notifications
You must be signed in to change notification settings - Fork 686
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Packet cooldowns and content validation #4782
base: master
Are you sure you want to change the base?
Conversation
I do not know why they saved it if it is not used anywhere If they decide it is necessary, only one UUID is sent when changing emotions, with a limit of 50 I think that is sufficient, and the outdated ones can simply be deleted
Fix from qrvprox
check if the code is working correctly
Вроде все работает нет времени в данный момент
core/src/main/java/org/geysermc/geyser/network/UpstreamPacketHandler.java
Show resolved
Hide resolved
core/src/main/java/org/geysermc/geyser/translator/protocol/bedrock/BedrockTextTranslator.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/geysermc/geyser/translator/protocol/bedrock/BedrockTextTranslator.java
Outdated
Show resolved
Hide resolved
if (command.length() > 512) { | ||
// A legitimate player cannot send more than 512 characters | ||
// This is necessary so that the conversion to plain text is not clogged | ||
session.sendMessage(GeyserLocale.getPlayerLocaleString("geyser.chat.too_long", session.locale(), command.length())); | ||
return; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same as above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, if the game does not allow you to submit more than 512 characters from a player, I think here you can already get into the protocol
core/src/main/java/org/geysermc/geyser/network/CodecProcessor.java
Outdated
Show resolved
Hide resolved
I hope this limit will make in CloudburstMC/Protocol, I have no desire to go there |
core/src/main/java/org/geysermc/geyser/network/CodecProcessor.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/geysermc/geyser/translator/protocol/bedrock/BedrockTextTranslator.java
Outdated
Show resolved
Hide resolved
@@ -136,6 +105,87 @@ public void deserialize(ByteBuf buffer, BedrockCodecHelper helper, InventorySlot | |||
} | |||
}; | |||
|
|||
|
|||
/** | |||
* The player can cause a packet error themselves, which hackers can exploit to spam legitimate errors |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand this comment. We now disconnect on the first error for any packet. Regardless, this seems like it should be a change in protocol, not Geyser. Changes in here should only be things we can do as a result of fields we do not need in Geyser.
core/src/main/java/org/geysermc/geyser/network/CodecProcessor.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/geysermc/geyser/network/PacketCooldownManager.java
Outdated
Show resolved
Hide resolved
import java.util.Map; | ||
|
||
public class PacketCooldownManager { | ||
private final Map<String, CooldownSettings> packetCooldownSettings = new HashMap<>(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use fastutil Object2ObjectMap.
core/src/main/java/org/geysermc/geyser/network/PacketCooldownManager.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/geysermc/geyser/network/PacketCooldownManager.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/geysermc/geyser/network/UpstreamPacketHandler.java
Outdated
Show resolved
Hide resolved
The pull request is ready, please check |
Unfortunately, it's not. Please address the notes in kastle's review, such as the imports. Further, some of Kastle's questions haven't been answered. |
please check |
No description provided.