13
0
geforkt von Mirrors/Paper
Paper/Spigot-Server-Patches/0495-Validate-PickItem-Packet-and-kick-for-invalid.patch
Aikar 4ae089597b
Fix collision checks on spawning hanging entities and null on async chunk loads
getCubes will now always load chunks
getChunk with gen false will now not throw error

Fixes #3368
Fixes #3364
2020-05-14 05:05:13 -04:00

27 Zeilen
1.8 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
index 0fd2c17f8c4b556364e359b72d6e56a5c93d727f..066438f4ace35310d363e856a22e2f8b48445768 100644
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
@@ -696,7 +696,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
@Override
public void a(PacketPlayInPickItem packetplayinpickitem) {
PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
- this.player.inventory.c(packetplayinpickitem.b());
+ // Paper start - validate pick item position
+ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < this.player.inventory.items.size())) {
+ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
+ this.disconnect("Invalid hotbar selection (Hacking?)");
+ return;
+ }
+ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
+ // Paper end
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));