c0d07c1b67
Upstream has released updates that appears to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: f009c3dd SPIGOT-5810, SPIGOT-5835: 'Better' handling of Player.isOnGround e677c370 Update ECJ version 5058a35d SPIGOT-5860: Item.setItemStack should be NotNull CraftBukkit Changes: d77f4d9b SPIGOT-5810, SPIGOT-5835: 'Better' handling of Player.isOnGround 53c95627 SPIGOT-5865: Piglin does not trigger EntityPickupItemEvent 2ab04d24 Update ECJ version 7884e079 SPIGOT-5868: Blocks do not tick in custom nether / end 2a848286 SPIGOT-5863: Don't check colour in scoreboard length validation f2cbce30 SPIGOT-5866: Beehive unknown TargetReason Spigot Changes: ad703da0 SPIGOT-5870: /plugins "website" field shows "version" 1a27cfd8 #98: Improve output of /plugins command using text components 732d5bab Disable checkstyle in Spigot blocks 0199a9a6 #97: Add Memory Usage to Ticks Per Second Command. 33ea98fc SPIGOT-5858: NPE: Joining the server with an invalid dimension
26 lines
1.8 KiB
Diff
26 lines
1.8 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
index 26f659d0ab20bbe365419e8ff38214926e039e2a..93536306c39c1ee574d45f39e8e40df3540c6e51 100644
|
|
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
@@ -697,7 +697,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
|
|
@Override
|
|
public void a(PacketPlayInPickItem packetplayinpickitem) {
|
|
PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
|
|
- this.player.inventory.c(packetplayinpickitem.b());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < this.player.inventory.items.size())) {
|
|
+ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
|
|
+ this.disconnect("Invalid hotbar selection (Hacking?)");
|
|
+ return;
|
|
+ }
|
|
+ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
|
|
+ // Paper end
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));
|