From 7bec4b2f126ab0d02f170be11073525dbba6f122 Mon Sep 17 00:00:00 2001 From: Andrew Steinborn Date: Wed, 28 Oct 2020 18:54:51 -0400 Subject: [PATCH] Don't let clients fake being the BungeeCord plugin message channel --- .../connection/backend/BungeeCordMessageResponder.java | 10 +++++++--- .../connection/client/ClientPlaySessionHandler.java | 3 +++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/proxy/src/main/java/com/velocitypowered/proxy/connection/backend/BungeeCordMessageResponder.java b/proxy/src/main/java/com/velocitypowered/proxy/connection/backend/BungeeCordMessageResponder.java index e8896cf63..f9f61a7a4 100644 --- a/proxy/src/main/java/com/velocitypowered/proxy/connection/backend/BungeeCordMessageResponder.java +++ b/proxy/src/main/java/com/velocitypowered/proxy/connection/backend/BungeeCordMessageResponder.java @@ -27,7 +27,7 @@ import net.kyori.adventure.text.serializer.legacy.LegacyComponentSerializer; @SuppressFBWarnings(value = "OS_OPEN_STREAM", justification = "Most methods in this class open " + "instances of ByteBufDataOutput backed by heap-allocated ByteBufs. Closing them does " + "nothing.") -class BungeeCordMessageResponder { +public class BungeeCordMessageResponder { private static final MinecraftChannelIdentifier MODERN_CHANNEL = MinecraftChannelIdentifier .create("bungeecord", "main"); @@ -42,6 +42,11 @@ class BungeeCordMessageResponder { this.player = player; } + public static boolean isBungeeCordMessage(PluginMessage message) { + return MODERN_CHANNEL.getId().equals(message.getChannel()) && !LEGACY_CHANNEL.getId() + .equals(message.getChannel()); + } + private void processConnect(ByteBufDataInput in) { String serverName = in.readUTF(); proxy.getServer(serverName).ifPresent(server -> player.createConnectionRequest(server) @@ -307,8 +312,7 @@ class BungeeCordMessageResponder { return false; } - if (!MODERN_CHANNEL.getId().equals(message.getChannel()) && !LEGACY_CHANNEL.getId() - .equals(message.getChannel())) { + if (!isBungeeCordMessage(message)) { return false; } diff --git a/proxy/src/main/java/com/velocitypowered/proxy/connection/client/ClientPlaySessionHandler.java b/proxy/src/main/java/com/velocitypowered/proxy/connection/client/ClientPlaySessionHandler.java index 956772000..b2cb097ea 100644 --- a/proxy/src/main/java/com/velocitypowered/proxy/connection/client/ClientPlaySessionHandler.java +++ b/proxy/src/main/java/com/velocitypowered/proxy/connection/client/ClientPlaySessionHandler.java @@ -16,6 +16,7 @@ import com.velocitypowered.proxy.VelocityServer; import com.velocitypowered.proxy.connection.MinecraftConnection; import com.velocitypowered.proxy.connection.MinecraftSessionHandler; import com.velocitypowered.proxy.connection.backend.BackendConnectionPhases; +import com.velocitypowered.proxy.connection.backend.BungeeCordMessageResponder; import com.velocitypowered.proxy.connection.backend.VelocityServerConnection; import com.velocitypowered.proxy.protocol.MinecraftPacket; import com.velocitypowered.proxy.protocol.StateRegistry; @@ -194,6 +195,8 @@ public class ClientPlaySessionHandler implements MinecraftSessionHandler { } else if (PluginMessageUtil.isMcBrand(packet)) { backendConn.write(PluginMessageUtil .rewriteMinecraftBrand(packet, server.getVersion(), player.getProtocolVersion())); + } else if (BungeeCordMessageResponder.isBungeeCordMessage(packet)) { + return true; } else { if (serverConn.getPhase() == BackendConnectionPhases.IN_TRANSITION) { // We must bypass the currently-connected server when forwarding Forge packets.