Impact
pocketmine\entity\Skin doesn't correctly handle errors produced by adhocore/json-comment, which throws RuntimeException rather than returning false as PocketMine-MP expects.
This leads to a server crash if the skin geometry data is invalid for some reason (e.g. a syntax error).
Patches
c9626c6
Workarounds
A plugin could handle LoginPacket and PlayerSkinPacket to verify the skin geometry data can be parsed correctly, so that the error condition in the core code is never reached.
For more information
If you have any questions or comments about this advisory:
Impact
pocketmine\entity\Skindoesn't correctly handle errors produced byadhocore/json-comment, which throwsRuntimeExceptionrather than returningfalseas PocketMine-MP expects.This leads to a server crash if the skin geometry data is invalid for some reason (e.g. a syntax error).
Patches
c9626c6
Workarounds
A plugin could handle
LoginPacketandPlayerSkinPacketto verify the skin geometry data can be parsed correctly, so that the error condition in the core code is never reached.For more information
If you have any questions or comments about this advisory: