SpigotMC · Outfluencer · Aug 23, 2024 · Aug 23, 2024 · Aug 23, 2024 · Aug 23, 2024
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/packet/CookieResponse.java b/protocol/src/main/java/net/md_5/bungee/protocol/packet/CookieResponse.java
@@ -23,7 +23,7 @@ public class CookieResponse extends DefinedPacket
     public void read(ByteBuf buf, ProtocolConstants.Direction direction, int protocolVersion)
     {
         cookie = readString( buf );
-        data = readNullable( DefinedPacket::readArray, buf );
+        data = readNullable( read -> DefinedPacket.readArray( read, 5120 ), buf );
     }
 
     @Override

diff --git a/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java b/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java
@@ -716,6 +716,10 @@ public void handle(CookieResponse cookieResponse)
 
             throw CancelSendSignal.INSTANCE;
         }
+
+        // if there is no userCon we can't have a connection to a backend server that could have requested this cookie
+        // witch means that this cookie is invalid as the proxy also has not requested it
+        Preconditions.checkState( userCon != null, "not requested cookie received" );
     }
 
     @Override