3e90a19183
Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: 304e83eb PR-1002: Improve documentation and implementation of getMaxStackSize e8215ea2 SPIGOT-7638: Library loader does not seem to resolve every dependency 79c595c0 SPIGOT-7637: Bad logic in checking nullability of AttributeModifier slots CraftBukkit Changes: 91b1fc3f1 SPIGOT-7644: Fix ItemMeta#getAsString 4e77a81e1 SPIGOT-7615: PlayerLeashEntityEvent cancelled eats lead 996f660f3 Do not remove leash knot if leasing to an existing leash knot gets cancelled f70367d42 SPIGOT-7643: Fix inverted leash event cancelled usage and remove leash knot if no entity gets leashed 7ddb48294 SPIGOT-7640: Abnormal jumping height of wind charge 080c8711e SPIGOT-7639: Incoming plugin channels not working ad549847e Open a direct connection instead of pinging mojang server to check if it is reachable 38e2926c5 SPIGOT-7365: DamageCause blocked by shield should trigger invulnerableTime
26 lines
1.9 KiB
Diff
26 lines
1.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
index fedc4654178a3771004394665914efd2b842432a..b3026d2c70419a9de11f5887cbc998f29b7820eb 100644
|
|
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
@@ -892,7 +892,14 @@ public class ServerGamePacketListenerImpl extends ServerCommonPacketListenerImpl
|
|
@Override
|
|
public void handlePickItem(ServerboundPickItemPacket packet) {
|
|
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.serverLevel());
|
|
- this.player.getInventory().pickSlot(packet.getSlot());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
|
|
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
|
|
+ this.disconnect("Invalid hotbar selection (Hacking?)");
|
|
+ return;
|
|
+ }
|
|
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
|
|
+ // Paper end - validate pick item position
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
|
|
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));
|