papermc/Spigot-Server-Patches/0461-Validate-PickItem-Packet-and-kick-for-invalid.patch
Mariell e38eceb42a
Updated Upstream (Spigot) (#4745)
Upstream has released updates that appears to apply and compile correctly.
This update has not been tested by PaperMC and as with ANY update, please do your own testing

Spigot Changes:
a19903d2 SPIGOT-520: Add option to disable player data saving
2020-11-08 10:00:43 +00:00

26 lines
1.8 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
index 9a7a1ebc7b0d4b013575da622ee149249d39590c..37b7925b0c6dea0920d67cacf3b1982e8034e202 100644
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
@@ -735,7 +735,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
@Override
public void a(PacketPlayInPickItem packetplayinpickitem) {
PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
- this.player.inventory.c(packetplayinpickitem.b());
+ // Paper start - validate pick item position
+ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < this.player.inventory.items.size())) {
+ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
+ this.disconnect("Invalid hotbar selection (Hacking?)");
+ return;
+ }
+ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
+ // Paper end
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));