3
0
Mirror von https://github.com/PaperMC/Paper.git synchronisiert 2024-12-16 03:20:07 +01:00
Paper/Spigot-Server-Patches/0466-Validate-PickItem-Packet-and-kick-for-invalid.patch
Aikar 64ed429884
(FIRST 1.16.3): Update Paper to 1.16.3
This is a pretty tiny update with very little changed. Recommended to update
from 1.16.2 ASAP as 1.16.2 is now no longer supported.

Plugins should mostly remain working as the NMS revision did not change.
2020-09-10 19:47:58 -04:00

27 Zeilen
1.8 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
index 256ee3f8d8ef5a8e5b2a833b66c10e906de75b2c..6b7894a712abf435df028b4036a88b9acea148e6 100644
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
@@ -692,7 +692,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
@Override
public void a(PacketPlayInPickItem packetplayinpickitem) {
PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
- this.player.inventory.c(packetplayinpickitem.b());
+ // Paper start - validate pick item position
+ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < this.player.inventory.items.size())) {
+ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
+ this.disconnect("Invalid hotbar selection (Hacking?)");
+ return;
+ }
+ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
+ // Paper end
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));