26734e83b0
* Updated Upstream (Bukkit/CraftBukkit/Spigot) Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: 8085edde SPIGOT-6918: Add SpawnCategory API and configurations for Axolotls 04c7e13c PR-719: Add Player Profile API 71564210 SPIGOT-6910: Add BlockDamageAbortEvent CraftBukkit Changes: febaa1c6 SPIGOT-6918: Add SpawnCategory API and configurations for Axolotls 9dafd109 Don't send updates over large distances bdac46b0 SPIGOT-6782: EntityPortalEvent should not destroy entity when setTo() uses same world as getFrom() 8f361ece PR-1002: Add Player Profile API 911875d4 Increase outdated build delay e5f8a767 SPIGOT-6917: Use main scoreboard for /trigger a672a531 Clean up callBlockDamageEvent 8e1bdeef SPIGOT-6910: Add BlockDamageAbortEvent Spigot Changes: 6edb62f3 Rebuild patches 7fbc6a1e Rebuild patches * Updated Upstream (CraftBukkit) Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing CraftBukkit Changes: de951355 SPIGOT-6927: Fix default value of spawn-limits in Worlds
27 lines
1.9 KiB
Diff
27 lines
1.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
index f0630bf6502d0b7be1c63e9c610ca2c8e1edc9d5..f7542d053be38298229719bd63e950fc6d167fb9 100644
|
|
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
@@ -874,7 +874,14 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Ser
|
|
@Override
|
|
public void handlePickItem(ServerboundPickItemPacket packet) {
|
|
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.getLevel());
|
|
- this.player.getInventory().pickSlot(packet.getSlot());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
|
|
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
|
|
+ this.disconnect("Invalid hotbar selection (Hacking?)");
|
|
+ return;
|
|
+ }
|
|
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
|
|
+ // Paper end
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
|
|
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));
|