45 lines
2.0 KiB
Diff
45 lines
2.0 KiB
Diff
From bbf37c133d002558a9e031cf699579d96ded9e3c Mon Sep 17 00:00:00 2001
|
|
From: Zach Brown <zach.brown@destroystokyo.com>
|
|
Date: Mon, 18 Jul 2016 17:57:36 -0500
|
|
Subject: [PATCH] Less strict skull validation
|
|
|
|
Spigot's solution removes all unsigned skins from Skulls. While this does work to achieve its original goal, it is often
|
|
overzealous and removes many plugin created and other skulls. We can be more specific in our checks to avoid this.
|
|
|
|
This does technically reveal how the exploit works, however given that it already appears to be well-known throughout
|
|
malicious communities, and the current solution breaks legitimate skulls, we don't feel particularly bad about it this
|
|
time.
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/ItemSkull.java b/src/main/java/net/minecraft/server/ItemSkull.java
|
|
index 4a9cb67..b2af87a 100644
|
|
--- a/src/main/java/net/minecraft/server/ItemSkull.java
|
|
+++ b/src/main/java/net/minecraft/server/ItemSkull.java
|
|
@@ -135,11 +135,24 @@ public class ItemSkull extends Item {
|
|
boolean valid = true;
|
|
|
|
NBTTagList textures = nbttagcompound.getCompound("SkullOwner").getCompound("Properties").getList("textures", 10); // Safe due to method contracts
|
|
+ // Paper start - Less strict validation
|
|
+ for (NBTBase texture : textures.list) {
|
|
+ if (texture instanceof NBTTagCompound && !((NBTTagCompound) texture).hasKeyOfType("Signature", 8)) {
|
|
+ if (((NBTTagCompound) texture).getString("Value").trim().length() > 0) {
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ valid = false;
|
|
+ }
|
|
+ }
|
|
+ /*
|
|
for (int i = 0; i < textures.size(); i++) {
|
|
if (textures.get(i) instanceof NBTTagCompound && !((NBTTagCompound) textures.get(i)).hasKeyOfType("Signature", 8)) {
|
|
valid = false;
|
|
}
|
|
}
|
|
+ */
|
|
+ // Paper end
|
|
|
|
if (!valid) {
|
|
nbttagcompound.remove("SkullOwner");
|
|
--
|
|
2.9.2.windows.1
|
|
|