TakeV/Paper
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
Paper/patches/server/0427-Validate-PickItem-Packet-and-kick-for-invalid.patch
Jason bc127ea819
Updated Upstream (Bukkit/CraftBukkit/Spigot) (#6222) 
Upstream has released updates that appear to apply and compile correctly.
This update has not been tested by PaperMC and as with ANY update, please do your own testing

Bukkit Changes:
eec4aab0 SPIGOT-6657: Add getPlayer to SheepDyeWoolEvent
205213c6 SPIGOT-6656: CauldronLevelChangeEvent is not fired correctly when dripstone fills the cauldron

CraftBukkit Changes:
b8c522d5 SPIGOT-6657: Add getPlayer to SheepDyeWoolEvent
f04a77dc SPIGOT-6656: CauldronLevelChangeEvent is not fired correctly when dripstone fills the cauldron
d1dbcebc SPIGOT-6653: Canceling snow bucket placement removes snow from bucket
4f34a67b #891: Fix scheduler task ID overflow and duplication issues

Spigot Changes:
d03d7f12 BUILDTOOLS-604: Rebuild patches
2021-07-18 09:41:53 +02:00

27 lines
1.9 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
index 9547869fa430c2e25348c763ea6e709cf2ffcf36..5ec29d1d73a4a828d35cec259469c4929368623f 100644
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
@@ -876,7 +876,14 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Ser
@Override
public void handlePickItem(ServerboundPickItemPacket packet) {
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.getLevel());
- this.player.getInventory().pickSlot(packet.getSlot());
+ // Paper start - validate pick item position
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
+ this.disconnect("Invalid hotbar selection (Hacking?)");
+ return;
+ }
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
+ // Paper end
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));
Reference in a new issue View git blame Copy permalink