TakeV/Paper
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
Paper/Spigot-Server-Patches/0495-Validate-PickItem-Packet-and-kick-for-invalid.patch
Aikar 36f34f01c0
Updated Upstream (Bukkit/CraftBukkit) 
Upstream has released updates that appears to apply and compile correctly.
This update has not been tested by PaperMC and as with ANY update, please do your own testing

Bukkit Changes:
da9ef3c5 #496: Add methods to get/set ItemStacks in EquipmentSlots
3abebc9f #492: Let Tameable extend Animals rather than Entity
941111a0 #495: Expose ItemStack and hand used in PlayerShearEntityEvent
4fe19cae #494: InventoryView - Add missing Brewing FUEL_TIME

CraftBukkit Changes:
933e9094 #664: Add methods to get/set ItemStacks in EquipmentSlots
18722312 #662: Expose ItemStack and hand used in PlayerShearEntityEvent
2020-05-06 06:05:22 -04:00

27 lines
1.8 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
index a180df220e46eb62f00ae00e2482e1d8d07cb107..02bda8bee469da7d1f845fac58f5d5a762fe76c4 100644
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
@@ -691,7 +691,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
@Override
public void a(PacketPlayInPickItem packetplayinpickitem) {
PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
- this.player.inventory.c(packetplayinpickitem.b());
+ // Paper start - validate pick item position
+ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < this.player.inventory.items.size())) {
+ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
+ this.disconnect("Invalid hotbar selection (Hacking?)");
+ return;
+ }
+ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
+ // Paper end
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));
Reference in a new issue View git blame Copy permalink