bc127ea819
Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: eec4aab0 SPIGOT-6657: Add getPlayer to SheepDyeWoolEvent 205213c6 SPIGOT-6656: CauldronLevelChangeEvent is not fired correctly when dripstone fills the cauldron CraftBukkit Changes: b8c522d5 SPIGOT-6657: Add getPlayer to SheepDyeWoolEvent f04a77dc SPIGOT-6656: CauldronLevelChangeEvent is not fired correctly when dripstone fills the cauldron d1dbcebc SPIGOT-6653: Canceling snow bucket placement removes snow from bucket 4f34a67b #891: Fix scheduler task ID overflow and duplication issues Spigot Changes: d03d7f12 BUILDTOOLS-604: Rebuild patches
26 lines
1.9 KiB
Diff
26 lines
1.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
index 9547869fa430c2e25348c763ea6e709cf2ffcf36..5ec29d1d73a4a828d35cec259469c4929368623f 100644
|
|
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
@@ -876,7 +876,14 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Ser
|
|
@Override
|
|
public void handlePickItem(ServerboundPickItemPacket packet) {
|
|
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.getLevel());
|
|
- this.player.getInventory().pickSlot(packet.getSlot());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
|
|
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
|
|
+ this.disconnect("Invalid hotbar selection (Hacking?)");
|
|
+ return;
|
|
+ }
|
|
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
|
|
+ // Paper end
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
|
|
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));
|