SteamWar/Velocity
13
0
Fork 0
geforkt von Mirrors/Velocity
Code Issues Pull-Requests Aktivität

Fix login with IPv6 and other potential security issues

Quellcode durchsuchen
Dieser Commit ist enthalten in:
Andrew Steinborn 2018-12-14 14:41:46 -05:00
Ursprung 9a15a80627
Commit 10293aa542
1 geänderte Dateien mit 4 neuen und 2 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Vergleichs-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

6
proxy/src/main/java/com/velocitypowered/proxy/connection/client/LoginSessionHandler.java
Datei anzeigen

@ -6,6 +6,7 @@ import static com.velocitypowered.proxy.connection.VelocityConstants.VELOCITY_IP
import static com.velocitypowered.api.network.ProtocolVersion.*; import static com.velocitypowered.api.network.ProtocolVersion.*;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
import com.google.common.net.UrlEscapers;
import com.velocitypowered.api.event.connection.LoginEvent; import com.velocitypowered.api.event.connection.LoginEvent;
import com.velocitypowered.api.event.connection.PostLoginEvent; import com.velocitypowered.api.event.connection.PostLoginEvent;
import com.velocitypowered.api.event.connection.PreLoginEvent; import com.velocitypowered.api.event.connection.PreLoginEvent;
@ -15,7 +16,6 @@ import com.velocitypowered.api.event.player.GameProfileRequestEvent;
import com.velocitypowered.api.proxy.InboundConnection; import com.velocitypowered.api.proxy.InboundConnection;
import com.velocitypowered.api.proxy.server.RegisteredServer; import com.velocitypowered.api.proxy.server.RegisteredServer;
import com.velocitypowered.api.util.GameProfile; import com.velocitypowered.api.util.GameProfile;
import com.velocitypowered.api.network.ProtocolVersion;
import com.velocitypowered.proxy.VelocityServer; import com.velocitypowered.proxy.VelocityServer;
import com.velocitypowered.proxy.connection.MinecraftConnection; import com.velocitypowered.proxy.connection.MinecraftConnection;
import com.velocitypowered.proxy.connection.MinecraftSessionHandler; import com.velocitypowered.proxy.connection.MinecraftSessionHandler;
@ -121,7 +121,9 @@ public class LoginSessionHandler implements MinecraftSessionHandler {
.generateServerId(decryptedSharedSecret, serverKeyPair.getPublic()); .generateServerId(decryptedSharedSecret, serverKeyPair.getPublic());
String playerIp = ((InetSocketAddress) inbound.getRemoteAddress()).getHostString(); String playerIp = ((InetSocketAddress) inbound.getRemoteAddress()).getHostString();
String url = String.format(MOJANG_HASJOINED_URL, login.getUsername(), serverId, playerIp); String url = String.format(MOJANG_HASJOINED_URL,
UrlEscapers.urlFormParameterEscaper().escape(login.getUsername()), serverId,
UrlEscapers.urlFormParameterEscaper().escape(playerIp));
server.getHttpClient() server.getHttpClient()
.get(new URL(url)) .get(new URL(url))
.thenAcceptAsync(profileResponse -> { .thenAcceptAsync(profileResponse -> {