Validate PickItem Packet and kick for invalid - Fixes #3256

Spigot-Server-Patches/0496-Validate-PickItem-Packet-and-kick-for-invalid.patch

@@ -0,0 +1,29 @@
+From 35b2b6df0265e4e0743a0456cfa2c3ec73bbe7da Mon Sep 17 00:00:00 2001
+From: Aikar <aikar@aikar.co>
+Date: Sat, 2 May 2020 03:09:46 -0400
+Subject: [PATCH] Validate PickItem Packet and kick for invalid
+
+
+diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
+index 38ec22f4c0..60c3af4d64 100644
+--- a/src/main/java/net/minecraft/server/PlayerConnection.java
++++ b/src/main/java/net/minecraft/server/PlayerConnection.java
+@@ -683,7 +683,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
+     @Override
+     public void a(PacketPlayInPickItem packetplayinpickitem) {
+         PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
+-        this.player.inventory.c(packetplayinpickitem.b());
++        // Paper start - validate pick item position
++        if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < PlayerInventory.getHotbarSize())) {
++            PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
++            this.disconnect("Invalid hotbar selection (Hacking?)");
++            return;
++        }
++        this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
++        // Paper end
+         this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
+         this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
+         this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));
+-- 
+2.26.2
+