d385af0e01
Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: 0a4b84d6 SPIGOT-7003: Add missing PlayerAnimationType 830db7d5 SPIGOT-5984: Add non deprecated / magic value way to set pixel in MapCanvas 20caf8ff PR-754: Add DamageCause.SONIC_BOOM CraftBukkit Changes: 576a03704 SPIGOT-7003: Add missing PlayerAnimationType 0dcc5fdd0 SPIGOT-5984: Add non deprecated / magic value way to set pixel in MapCanvas d75aacb43 Update Netty version 3b34c6bea SPIGOT-7044: Modified RandomSourceWrapper to ensure random is not null before setting seed 4b60bfd18 PR-1059: Add DamageCause.SONIC_BOOM
26 lines
1.9 KiB
Diff
26 lines
1.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
index 766a5ce5d18aed80e37075f7cfc3b6cb9d33e63a..1bf72668a7fab7fc9a327c2403faf2260ccddb31 100644
|
|
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
@@ -918,7 +918,14 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Ser
|
|
@Override
|
|
public void handlePickItem(ServerboundPickItemPacket packet) {
|
|
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.getLevel());
|
|
- this.player.getInventory().pickSlot(packet.getSlot());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
|
|
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
|
|
+ this.disconnect("Invalid hotbar selection (Hacking?)");
|
|
+ return;
|
|
+ }
|
|
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
|
|
+ // Paper end
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
|
|
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));
|