Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown
Impact LoginPacket uses BinaryStream->getLInt() to read the lengths of JSON payloads it wants to decode. Unfortunately, BinaryStream->getLInt() returns a signed integer, meaning that a malicious client can craft a packet with a large uint32 value for payload buffer size (which would be interpreted as a negative signed int32), causing BinaryStream->get() to throw an exception. In the context of PocketMine-MP, this leads to a server crash when the vulnerability is exploited. …