geforkt von Mirrors/Paper
899bc53b79
Upstream has released updates that appears to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: f47abd88 SPIGOT-6242: Fix some file line endings de96535b SPIGOT-6234: enum classes don't serialize properly when implementing ConfigurationSerializable CraftBukkit Changes: 4475707d SPIGOT-6244: /spawnpoint ignores angle 8b3b096d SPIGOT-6242: Fix some file line endings 4b33c749 SPIGOT-6186: Canceling a CreatureSpawnEvent results in a "Unable to summon entity due to duplicate UUIDs" error 2b3ca726 SPIGOT-6236: Vehicle passenger portal cooldown does not change
27 Zeilen
1.8 KiB
Diff
27 Zeilen
1.8 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
index 9a7a1ebc7b0d4b013575da622ee149249d39590c..37b7925b0c6dea0920d67cacf3b1982e8034e202 100644
|
|
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
@@ -735,7 +735,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
|
|
@Override
|
|
public void a(PacketPlayInPickItem packetplayinpickitem) {
|
|
PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
|
|
- this.player.inventory.c(packetplayinpickitem.b());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < this.player.inventory.items.size())) {
|
|
+ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
|
|
+ this.disconnect("Invalid hotbar selection (Hacking?)");
|
|
+ return;
|
|
+ }
|
|
+ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
|
|
+ // Paper end
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));
|