papermc/patches/unapplied/server/0355-Validate-PickItem-Packet-and-kick-for-invalid.patch

27 lines
1.9 KiB
Diff
Raw Normal View History

2021-06-11 12:02:28 +00:00
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
index e728b9f317d12c3c452db70ba7d1e930c84e345d..7277c9b82c127cd38db2daec3df4d33e8376b8dc 100644
2021-06-11 12:02:28 +00:00
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
Updated Upstream (Bukkit/CraftBukkit) Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: 69fa4695 Add some missing deprecation annotations f850da2e Update Maven plugins/versions 8d8400db Use regular compiler seeing as ECJ doesn't support Java 21 JRE c29e1688 Revert "BUILDTOOLS-676: Downgrade Maven compiler version" 07bce714 SPIGOT-7355: More field renames and fixes 6a8ea764 Fix bad merge in penultimate commit 50a7920c Fix imports in previous commit 83640dd1 PR-995: Add required feature to MinecraftExperimental for easy lookups fc1f96cf BUILDTOOLS-676: Downgrade Maven compiler version CraftBukkit Changes: 90f1059ba Fix item placement 661afb43c SPIGOT-7633: Clearer error message for missing particle data 807b465b3 SPIGOT-7634: Armadillo updates infrequently 590cf09a8 Fix unit tests always seeing Mojang server as unavailable 7c7ac5eb2 SPIGOT-7636: Fix clearing ItemMeta 4a72905cf SPIGOT-7635: Fix Player#transfer and cookie methods ebb50e136 Fix incorrect Vault implementation b33fed8b7 Update Maven plugins/versions 6f00f0608 SPIGOT-7632: Control middle clicking chest does not copy contents db821f405 Use regular compiler seeing as ECJ doesn't support Java 21 JRE 8a2976737 Revert "BUILDTOOLS-676: Downgrade Maven compiler version" 0297f87bb SPIGOT-7355: More field renames and fixes 2d03bdf6a SPIGOT-7629: Fix loading banner patterns e77951fac Fix equality of deserialized display names c66f3e4fd SPIGOT-7631: Fix deserialisation of BlockStateMeta 9c2c7be8d SPIGOT-7630: Fix crash saving unticked leashed entities 8c1e7c841 PR-1384: Disable certain PlayerProfile tests, if Mojang's services or internet are not available ced93d572 SPIGOT-7626: sendSignChange() has no effect c77362cae SPIGOT-7625: ItemStack with lore cannot be serialized in 1.20.5 ff2004387 SPIGOT-7620: Fix server crash when hoppers transfer items to double chests 8b4abeb03 BUILDTOOLS-676: Downgrade Maven compiler version
2024-04-25 21:21:18 +00:00
@@ -892,7 +892,14 @@ public class ServerGamePacketListenerImpl extends ServerCommonPacketListenerImpl
2021-06-11 12:02:28 +00:00
@Override
public void handlePickItem(ServerboundPickItemPacket packet) {
2023-06-07 22:58:10 +00:00
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.serverLevel());
- this.player.getInventory().pickSlot(packet.getSlot());
2021-06-11 12:02:28 +00:00
+ // Paper start - validate pick item position
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
2021-06-11 12:02:28 +00:00
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
+ this.disconnect("Invalid hotbar selection (Hacking?)");
+ return;
+ }
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
+ // Paper end - validate pick item position
2021-07-07 06:52:40 +00:00
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));