4bc15f13aa
Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: e2160a18 Make MapCursor#type not depends on deprecated values CraftBukkit Changes: 6ce172642 SPIGOT-7761: Ender pearl does not damage or spawn endermites f5a63f734 SPIGOT-7759: Chunk not there when requested in ChunkUnloadEvent 28287259c Remove unused import eb9a7dde0 SPIGOT-7757: Cannot set item in Stonecutter Inventory f8be9d752 Move deserialized removed unhandled tags to dedicated removedTags a7e576186 Fix potential mutability issue with CraftMetaItem copy constructor 995885452 SPIGOT-7741: Vanilla ItemComponent in commands can't remove components 9ef69aa0b PR-1284: Move ItemType <-> ItemMeta linking to a centralized place 3e82eafbe PR-1420: Fix DirectEntity and CausingEntity Damager for Creepers ignited by Player c23daa71f SPIGOT-7751: Fix crash caused by arrows from trial spawners Make MapCursor#type not depends on deprecated values SPIGOT-7761: Ender pearl does not damage or spawn endermites
27 Zeilen
1.9 KiB
Diff
27 Zeilen
1.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
index 39e273ada6225a4a5deb4830185a957e4ae9ab0d..9ca934b6f24d6a8d5e32f6c4cf728bee4b3f3e36 100644
|
|
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
@@ -895,7 +895,14 @@ public class ServerGamePacketListenerImpl extends ServerCommonPacketListenerImpl
|
|
@Override
|
|
public void handlePickItem(ServerboundPickItemPacket packet) {
|
|
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.serverLevel());
|
|
- this.player.getInventory().pickSlot(packet.getSlot());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
|
|
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
|
|
+ this.disconnect(Component.literal("Invalid hotbar selection (Hacking?)"));
|
|
+ return;
|
|
+ }
|
|
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
|
|
+ // Paper end - validate pick item position
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
|
|
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));
|