From 1db2ff18c35ee29469e1178d6ecefe378d32dd20 Mon Sep 17 00:00:00 2001
From: dadodasyra <dadodasyraminecraftien@gmail.com>
Date: Fri, 30 Dec 2022 21:53:28 +0100
Subject: [PATCH] Check InventoryTransactionPacket if it's too large and/or
 with items with exaggerated itemstack to avoid the DDOSing of some skiddies

---
 src/network/mcpe/NetworkSession.php              |  5 +++++
 src/network/mcpe/handler/InGamePacketHandler.php | 12 ++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/src/network/mcpe/NetworkSession.php b/src/network/mcpe/NetworkSession.php
index 8bef42c365d..726bd7faee2 100644
--- a/src/network/mcpe/NetworkSession.php
+++ b/src/network/mcpe/NetworkSession.php
@@ -392,6 +392,11 @@ public function handleDataPacket(Packet $packet, string $buffer) : void{
 			throw new PacketHandlingException("Unexpected non-serverbound packet");
 		}
 
+		if (strlen($buffer) > 16500 && $packet->getName() === "InventoryTransactionPacket") {
+			$this->logger->debug("Huge InventoryTransactionPacket: " . base64_encode($buffer));
+			throw new PacketHandlingException("InventoryTransactionPacket too big");
+		}
+
 		$timings = Timings::getDecodeDataPacketTimings($packet);
 		$timings->startTiming();
 		try{
diff --git a/src/network/mcpe/handler/InGamePacketHandler.php b/src/network/mcpe/handler/InGamePacketHandler.php
index 2c8451839c9..1680952f1e0 100644
--- a/src/network/mcpe/handler/InGamePacketHandler.php
+++ b/src/network/mcpe/handler/InGamePacketHandler.php
@@ -338,7 +338,19 @@ private function handleNormalTransaction(NormalTransactionData $data) : bool{
 
 		$isCraftingPart = false;
 		$converter = TypeConverter::getInstance();
+		if(count($data->getActions()) > 50) {
+			$this->session->getLogger()->debug("Too much actions asked by the client (".count($data->getActions())."), ignoring");
+			return false;
+		}
 		foreach($data->getActions() as $networkInventoryAction){
+			if ($networkInventoryAction->oldItem->getItemStack()->getCount() > 99) {
+				$this->session->getLogger()->debug("Itemstack of olditem is too big (".$networkInventoryAction->oldItem->getItemStack()->getCount().")");
+				return false;
+			}
+			if ($networkInventoryAction->newItem->getItemStack()->getCount() > 99) {
+				$this->session->getLogger()->debug("Itemstack of newitem is too big (".$networkInventoryAction->newItem->getItemStack()->getCount().")");
+				return false;
+			}
 			if(
 				$networkInventoryAction->sourceType === NetworkInventoryAction::SOURCE_TODO || (
 					$this->craftingTransaction !== null &&