058d7c1aa3
Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: 13eb4146 SPIGOT-5217, SPIGOT-6183: Add RespawnReason to PlayerRespawnEvent CraftBukkit Changes: 5ee3419b7 SPIGOT-5217, SPIGOT-6183: Add RespawnReason to PlayerRespawnEvent Spigot Changes: 514cf03a Rebuild patches and add RespawnReason.PLUGIN to Player#respawn
27 Zeilen
1.9 KiB
Diff
27 Zeilen
1.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
index e4d65aff300c276d0968b9786ddc20ba63caca41..2a35bedae3682126b365c6fd56b0db5febd7fccb 100644
|
|
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
@@ -958,7 +958,14 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
|
|
@Override
|
|
public void handlePickItem(ServerboundPickItemPacket packet) {
|
|
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.getLevel());
|
|
- this.player.getInventory().pickSlot(packet.getSlot());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
|
|
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
|
|
+ this.disconnect("Invalid hotbar selection (Hacking?)");
|
|
+ return;
|
|
+ }
|
|
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
|
|
+ // Paper end
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
|
|
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));
|