papermc/Spigot-Server-Patches/0464-Validate-PickItem-Packet-and-kick-for-invalid.patch
Mariell Hoversholm 654b792caf Updated Upstream (CraftBukkit)
Upstream has released updates that appears to apply and compile correctly.
This update has not been tested by PaperMC and as with ANY update, please do your own testing

CraftBukkit Changes:
a339310c #755: Fix NPE when calling getInventory() for virtual EnderChests
2577f9bf Increase outdated build delay
1dabfdc8 #754: Fix pre-1.16 serialized SkullMeta being broken on 1.16+, losing textures
2020-09-27 11:04:51 -04:00

26 lines
1.8 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
index 48d72cd722e1d8207c9eaa2d4d7970af299b8d0d..a19ef358baa4daff6753d034e7c8aab81cd14aa4 100644
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
@@ -692,7 +692,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
@Override
public void a(PacketPlayInPickItem packetplayinpickitem) {
PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
- this.player.inventory.c(packetplayinpickitem.b());
+ // Paper start - validate pick item position
+ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < this.player.inventory.items.size())) {
+ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
+ this.disconnect("Invalid hotbar selection (Hacking?)");
+ return;
+ }
+ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
+ // Paper end
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));