testserver/Spigot-Server-Patches/0472-Validate-PickItem-Packet-and-kick-for-invalid.patch
Aikar ab347c4c96
Updated Upstream (Bukkit/CraftBukkit/Spigot)
Upstream has released updates that appears to apply and compile correctly.
This update has not been tested by PaperMC and as with ANY update, please do your own testing

Bukkit Changes:
42d5a714 SPIGOT-5899: Hoglins API similar to Piglins
2c1ee10e SPIGOT-5887: ClickType doesn't include off hand swaps
5ff7c7ce SPIGOT-5886: Missing BlockData

CraftBukkit Changes:
7560f5f5 SPIGOT-5905: Fix hex colours not being allowed in MOTD
d47c47ee SPIGOT-5889: Villager using composter should call EntityChangeBlockEvent
2fe6b4a3 SPIGOT-5899: Hoglins API similar to Piglins
e09dbeca SPIGOT-5887: ClickType doesn't include off hand swaps
23aac2a5 SPIGOT-5903: EntityDismountEvent cannot be triggered asynchronously
92cbf656 SPIGOT-5884: Tab completions lost on reloadData / minecraft:reload
fb4e54ad SPIGOT-5902: PlayerRespawnEvent places player at spawn before event is called
aa8f3d5a SPIGOT-5901: Structures are generated in all worlds based on the setting for the main world
a0c35937 SPIGOT-5895: PlayerChangedWorldEvent#getFrom is incorrect
89c0a5c3 SPIGOT-5886: Missing BlockData

Spigot Changes:
0287a20d SPIGOT-5903: EntityDismountEvent cannot be triggered asynchronously
2020-06-30 01:20:29 -04:00

26 lines
1.8 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
index daa066cbec8097b86f8b3c564e8134607e57b3cd..0ece15a8457debc7d8343c894b060e81be845488 100644
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
@@ -697,7 +697,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
@Override
public void a(PacketPlayInPickItem packetplayinpickitem) {
PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
- this.player.inventory.c(packetplayinpickitem.b());
+ // Paper start - validate pick item position
+ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < this.player.inventory.items.size())) {
+ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
+ this.disconnect("Invalid hotbar selection (Hacking?)");
+ return;
+ }
+ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
+ // Paper end
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));