70ad51a80c
Upstream has released updates that appears to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing My recent work on serialization is now in CraftBukkit so was able to drop the patch and Paper is now consistent with upstream. Bukkit Changes: e2699636 Move API notes to more obvious location CraftBukkit Changes: 1b2830a3 SPIGOT-4441: Fix serializing Components to and from Legacy
26 lines
1.8 KiB
Diff
26 lines
1.8 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
index c2f2671da9b3598c2f866db1078d4b1d0f3430ef..294e9a47e21be0babad2ea3d2a9b3fc79083e350 100644
|
|
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
@@ -696,7 +696,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
|
|
@Override
|
|
public void a(PacketPlayInPickItem packetplayinpickitem) {
|
|
PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
|
|
- this.player.inventory.c(packetplayinpickitem.b());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < this.player.inventory.items.size())) {
|
|
+ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
|
|
+ this.disconnect("Invalid hotbar selection (Hacking?)");
|
|
+ return;
|
|
+ }
|
|
+ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
|
|
+ // Paper end
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));
|