From 0f8a8de77c0ea20060a927ef49af20af5345a138 Mon Sep 17 00:00:00 2001
From: Alexander Harkness
Date: Fri, 10 Dec 2021 20:22:53 +0000
Subject: Mitigate against CVE-2021-44228
---
 src/Protocol/Protocol_1_8.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'src/Protocol/Protocol_1_8.cpp')
diff --git a/src/Protocol/Protocol_1_8.cpp b/src/Protocol/Protocol_1_8.cpp
index 5bf25f347..85765c406 100644
--- a/src/Protocol/Protocol_1_8.cpp
+++ b/src/Protocol/Protocol_1_8.cpp
@@ -365,6 +365,12 @@ void cProtocol_1_8_0::SendChatRaw(const AString & a_MessageRaw, eChatType a_Type
 {
 ASSERT(m_State == 3); // In game mode?
 
+ // Prevent chat messages that might trigger CVE-2021-44228
+ if (a_MessageRaw.find("${jndi") != std::string::npos)
+ {
+ return;
+ }
+
 // Send the json string to the client:
 cPacketizer Pkt(*this, pktChatRaw);
 Pkt.WriteString(a_MessageRaw);
-- 
cgit v1.2.3
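Review bot: The new guard in SendChatRaw matches only the literal, case-sensitive prefix `${jndi`, which is narrower than the Log4j lookup syntax it is meant to block, since lookups can be nested or written in a different letter case and so need not contain that exact substring. Matching the lookup opener itself is the more conservative filter, `if (a_MessageRaw.find("${") != std::string::npos)`, accepting that legitimate chat containing `${` is then dropped as well. The message is also discarded silently, so operators get no signal that an attempt was made; a one-line warning before the `return` would give them something to detect on. The comment could also state who is being protected, presumably the receiving clients that log chat through Log4j rather than this C++ server, and that the filter is a stopgap until those clients are patched. SendChatRaw's body continues past the end of the hunk.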