3
0
Mirror von https://github.com/PaperMC/Paper.git synchronisiert 2024-11-15 12:30:06 +01:00
Paper/patches/server/0385-Validate-PickItem-Packet-and-kick-for-invalid.patch
Jake Potrebic 2fa8efce9b
Updated Upstream (Bukkit/CraftBukkit) (#9485)
Upstream has released updates that appear to apply and compile correctly.
This update has not been tested by PaperMC and as with ANY update, please do your own testing

Bukkit Changes:
82af5dc6 SPIGOT-7396: Add PlayerSignOpenEvent
3f0281ca SPIGOT-7063, PR-763: Add DragonBattle#initiateRespawn with custom EnderCrystals
f83c8df4 PR-873: Add PlayerRecipeBookClickEvent
14560d39 SPIGOT-7435: Add TeleportCause#EXIT_BED
2cc6db92 SPIGOT-7422, PR-887: Add API to set sherds on decorated pots
36022f02 PR-883: Add ItemFactory#getSpawnEgg
12eb5c46 PR-881: Update Scoreboard Javadocs, remove explicit exception throwing
f6d8d44a PR-882: Add modern time API methods to ban API
21a7b710 Upgrade some Maven plugins to reduce warnings
11fd1225 PR-886: Deprecate the SmithingRecipe constructor as it now does nothing
dbd1761d SPIGOT-7406: Improve documentation for getDragonBattle

CraftBukkit Changes:
d548daac2 SPIGOT-7446: BlockState#update not updating a spawner's type to null
70e0bc050 SPIGOT-7447: Fix --forceUpgrade
6752f1d63 SPIGOT-7396: Add PlayerSignOpenEvent
847b4cad5 SPIGOT-7063, PR-1071: Add DragonBattle#initiateRespawn with custom EnderCrystals
c335a555f PR-1212: Add PlayerRecipeBookClickEvent
4be756ecb SPIGOT-7445: Fix opening smithing inventory
db70bd6ed SPIGOT-7441: Fix issue placing certain items in creative/op
f7fa6d993 SPIGOT-7435: Add TeleportCause#EXIT_BED
b435e8e8d SPIGOT-7349: Player#setDisplayName not working when message/format unmodified
a2fafdd1d PR-1232: Re-add fix for player rotation
7cf863de1 PR-1233: Remove some old MC bug fixes now fixed in vanilla
08ec344ad Fix ChunkGenerator#generateCaves never being called
5daeb502a SPIGOT-7422, PR-1228: Add API to set sherds on decorated pots
52faa6b32 PR-1224: Add ItemFactory#getSpawnEgg
01cae71b7 SPIGOT-7429: Fix LEFT_CLICK_AIR not working for passable entities and spectators
a94277a18 PR-1223: Remove non-existent scoreboard display name/prefix/suffix limits
36b107660 PR-1225: Add modern time API methods to ban API
59ead25bc Upgrade some Maven plugins to reduce warnings
202fc5c4e Increase outdated build delay
ce545de57 SPIGOT-7398: TextDisplay#setInterpolationDuration incorrectly updates the line width

Spigot Changes:
b41c46db Rebuild patches
3374045a SPIGOT-7431: Fix EntityMountEvent returning opposite entities
0ca4eb66 Rebuild patches
2023-08-05 17:21:59 -07:00

27 Zeilen
1.9 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
index 7f63eef706021e05ddb01ddc38ce672e5b0a5531..2f220a0b42aae276f9fb7a3f4ec5d2890b61af16 100644
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
@@ -969,7 +969,14 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
@Override
public void handlePickItem(ServerboundPickItemPacket packet) {
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.serverLevel());
- this.player.getInventory().pickSlot(packet.getSlot());
+ // Paper start - validate pick item position
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
+ this.disconnect("Invalid hotbar selection (Hacking?)");
+ return;
+ }
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
+ // Paper end
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));