89d51d5f29
Because this exploit has been widely known for years and has not been fixed by Mojang, we decided that it was worth allowing people to toggle it on/off due to how easy it is to make it configurable. It should be noted that this decision does not promise all future exploits will be configurable.
71 lines
4.2 KiB
Diff
71 lines
4.2 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Spottedleaf <Spottedleaf@users.noreply.github.com>
|
|
Date: Sat, 1 Jan 2022 05:19:37 -0800
|
|
Subject: [PATCH] Validate usernames
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
|
|
index a7da99ac31bbcb8b6f1814a2d5509c7067aafb08..fb582acfe9e5cb68314ee39e1d54a550d6700e76 100644
|
|
--- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
|
|
+++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
|
|
@@ -63,6 +63,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
|
|
public GameProfile authenticatedProfile; // Paper - public
|
|
private final String serverId;
|
|
private ServerPlayer player; // CraftBukkit
|
|
+ public boolean iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation = false; // Paper - username validation overriding
|
|
|
|
public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) {
|
|
this.state = ServerLoginPacketListenerImpl.State.HELLO;
|
|
@@ -137,7 +138,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
|
|
@Override
|
|
public void handleHello(ServerboundHelloPacket packet) {
|
|
Validate.validState(this.state == ServerLoginPacketListenerImpl.State.HELLO, "Unexpected hello packet", new Object[0]);
|
|
- Validate.validState(Player.isValidUsername(packet.name()), "Invalid characters in username", new Object[0]);
|
|
+ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && io.papermc.paper.configuration.GlobalConfiguration.get().unsupportedSettings.performUsernameValidation && !this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation) Validate.validState(Player.isValidUsername(packet.name()), "Invalid characters in username", new Object[0]); // Paper - config username validation
|
|
this.requestedUsername = packet.name();
|
|
GameProfile gameprofile = this.server.getSingleplayerProfile();
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/players/PlayerList.java b/src/main/java/net/minecraft/server/players/PlayerList.java
|
|
index 7cd6d91fe154d29ec0b0fc0a5a50713bbc2c1c83..95ba9b3bf957e5f744e85b3834a50ee2eb925a70 100644
|
|
--- a/src/main/java/net/minecraft/server/players/PlayerList.java
|
|
+++ b/src/main/java/net/minecraft/server/players/PlayerList.java
|
|
@@ -678,7 +678,7 @@ public abstract class PlayerList {
|
|
|
|
for (int i = 0; i < this.players.size(); ++i) {
|
|
entityplayer = (ServerPlayer) this.players.get(i);
|
|
- if (entityplayer.getUUID().equals(uuid)) {
|
|
+ if (entityplayer.getUUID().equals(uuid) || (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && entityplayer.getGameProfile().getName().equalsIgnoreCase(gameprofile.getName()))) { // Paper - validate usernames
|
|
list.add(entityplayer);
|
|
}
|
|
}
|
|
diff --git a/src/main/java/net/minecraft/world/entity/player/Player.java b/src/main/java/net/minecraft/world/entity/player/Player.java
|
|
index e06cb31f9e3eda651a44dcede095ef7b38ef2ba7..7c0db708575ef26a1dd73709bf22653f21e0c863 100644
|
|
--- a/src/main/java/net/minecraft/world/entity/player/Player.java
|
|
+++ b/src/main/java/net/minecraft/world/entity/player/Player.java
|
|
@@ -2341,9 +2341,23 @@ public abstract class Player extends LivingEntity {
|
|
}
|
|
|
|
public static boolean isValidUsername(String name) {
|
|
- return name.length() > 16 ? false : name.chars().filter((i) -> {
|
|
- return i <= 32 || i >= 127;
|
|
- }).findAny().isEmpty();
|
|
+ // Paper start - username validation overriding
|
|
+ if (name == null || name.isEmpty() || name.length() > 16) {
|
|
+ return false;
|
|
+ }
|
|
+
|
|
+ for (int i = 0, len = name.length(); i < len; ++i) {
|
|
+ char c = name.charAt(i);
|
|
+
|
|
+ if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '_' || c == '.')) {
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ return false;
|
|
+ }
|
|
+
|
|
+ return true;
|
|
+ // Paper end - username validation overriding
|
|
}
|
|
|
|
public static float getPickRange(boolean creative) {
|