From 251488b3aa4145848bb9bfb91b65bd29362a186b Mon Sep 17 00:00:00 2001
From: sfan5
Date: Tue, 15 Jul 2025 12:41:38 +0200
Subject: [PATCH] Enforce explicit size limit for media files
---
doc/lua_api.md | 3 +++
src/network/networkprotocol.h | 6 ++++++
src/server.cpp | 6 ++++++
3 files changed, 15 insertions(+)
diff --git a/doc/lua_api.md b/doc/lua_api.md
index c4a59cf91..1b855e1d2 100644
--- a/doc/lua_api.md
+++ b/doc/lua_api.md
@@ -284,6 +284,9 @@ Accepted formats are:
 models: .x, .b3d, .obj, (since version 5.10:) .gltf, .glb
 fonts: .ttf, .woff (both since version 5.11, see notes below)
+Currently the engine is unable to handle files over ~16MB in size. For best
+performance you should keep your media files as small as reasonably possible.
+
 Other formats won't be sent to the client (e.g. you can store .blend files in a folder for convenience, without the risk that such files are transferred)
diff --git a/src/network/networkprotocol.h b/src/network/networkprotocol.h
index 5ce3f4221..cd8983b2f 100644
--- a/src/network/networkprotocol.h
+++ b/src/network/networkprotocol.h
@@ -16,8 +16,14 @@ constexpr u16 CLIENT_PROTOCOL_VERSION_MIN = 37;
 extern const u16 FORMSPEC_API_VERSION;
+// (applies to all media files, not just textures)
 #define TEXTURENAME_ALLOWED_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.-"
+// Due to our network protocol the maximum window size determines the maximum
+// media size we can safely allow. See the comment and check in Connection::Send().
+// This is a bit lower to include safety margin.
+#define MEDIAFILE_MAX_SIZE (16700000U)
+
 typedef u16 session_t;
 enum ToClientCommand : u16
diff --git a/src/server.cpp b/src/server.cpp
index dd73ef0e6..7648a43ba 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -2586,6 +2586,12 @@ bool Server::addMediaFile(const std::string &filename,
 << filepath << "\"" << std::endl;
 return false;
 }
+ if (filedata.size() > MEDIAFILE_MAX_SIZE) {
+ errorstream << "Server::addMediaFile(): \""
+ << filepath << "\" is too big (" << (filedata.size() >> 10)
+ << "KiB). The internal limit is " << (MEDIAFILE_MAX_SIZE >> 10) << "KiB." << std::endl;
+ return false;
+ }
 std::string sha1 = hashing::sha1(filedata);
 std::string sha1_hex = hex_encode(sha1);
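Review bot: The new size check in Server::addMediaFile() compares `filedata.size()` after the whole file is already in memory, so it caps what is registered for sending to clients but not what the server reads; the read sits above the hunk, so whether the on-disk size could be checked first cannot be confirmed from here. The error message rounds both values with `>> 10`, so a file a few hundred bytes over the limit is reported as "too big (16308KiB). The internal limit is 16308KiB."; printing bytes avoids that, e.g. `<< filepath << "\" is too big (" << filedata.size() << " bytes). The internal limit is " << MEDIAFILE_MAX_SIZE << " bytes." << std::endl;`. The comment in networkprotocol.h ties the limit to a check in Connection::Send(), so if media can reach the connection layer by any path other than addMediaFile() (not visible in this patch), that path presumably needs the same MEDIAFILE_MAX_SIZE comparison. The function body starts and ends outside the hunk.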