From 85fb00152a83107d3635b30a6aa0ef7eb22f9931 Mon Sep 17 00:00:00 2001
From: Aikar
Date: Sat, 2 May 2020 03:10:26 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid - Fixes #3256
---
...PickItem-Packet-and-kick-for-invalid.patch | 29 +++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 Spigot-Server-Patches/0496-Validate-PickItem-Packet-and-kick-for-invalid.patch
diff --git a/Spigot-Server-Patches/0496-Validate-PickItem-Packet-and-kick-for-invalid.patch b/Spigot-Server-Patches/0496-Validate-PickItem-Packet-and-kick-for-invalid.patch
new file mode 100644
index 000000000..a779e9b24
--- /dev/null
+++ b/Spigot-Server-Patches/0496-Validate-PickItem-Packet-and-kick-for-invalid.patch
@@ -0,0 +1,29 @@
+From 35b2b6df0265e4e0743a0456cfa2c3ec73bbe7da Mon Sep 17 00:00:00 2001
+From: Aikar
+Date: Sat, 2 May 2020 03:09:46 -0400
+Subject: [PATCH] Validate PickItem Packet and kick for invalid
+
+
+diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
+index 38ec22f4c0..60c3af4d64 100644
+--- a/src/main/java/net/minecraft/server/PlayerConnection.java
++++ b/src/main/java/net/minecraft/server/PlayerConnection.java
+@@ -683,7 +683,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
+ @Override
+ public void a(PacketPlayInPickItem packetplayinpickitem) {
+ PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
+- this.player.inventory.c(packetplayinpickitem.b());
++ // Paper start - validate pick item position
++ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < PlayerInventory.getHotbarSize())) {
++ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
++ this.disconnect("Invalid hotbar selection (Hacking?)");
++ return;
++ }
++ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
++ // Paper end
+ this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
+ this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
+ this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));
+--
+2.26.2
+
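Review bot: The upper bound in the added check, `packetplayinpickitem.b() < PlayerInventory.getHotbarSize()`, looks too tight for this packet. The context lines after it pass the same value to `this.player.inventory.getItem(...)` as a slot distinct from `itemInHandIndex`, which suggests `b()` indexes the inventory contents rather than the hotbar. If that is right, a legitimate pick from a non-hotbar slot would be logged as an attack and the player disconnected. The body of `inventory.c()` is not visible here, so confirm which list it indexes and bound against that, for example `int slot = packetplayinpickitem.b();` followed by `if (slot < 0 || slot >= this.player.inventory.items.size()) {`, and reword the "Invalid hotbar selection" kick and log messages to match. The method body continues past the end of the hunk.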