mirror of
https://github.com/PaperMC/Paper.git
synced 2024-12-15 07:01:36 +08:00
36f34f01c0
Upstream has released updates that appears to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: da9ef3c5 #496: Add methods to get/set ItemStacks in EquipmentSlots 3abebc9f #492: Let Tameable extend Animals rather than Entity 941111a0 #495: Expose ItemStack and hand used in PlayerShearEntityEvent 4fe19cae #494: InventoryView - Add missing Brewing FUEL_TIME CraftBukkit Changes:933e9094
#664: Add methods to get/set ItemStacks in EquipmentSlots18722312
#662: Expose ItemStack and hand used in PlayerShearEntityEvent
27 lines
1.8 KiB
Diff
27 lines
1.8 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
index a180df220e46eb62f00ae00e2482e1d8d07cb107..02bda8bee469da7d1f845fac58f5d5a762fe76c4 100644
|
|
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
|
|
@@ -691,7 +691,14 @@ public class PlayerConnection implements PacketListenerPlayIn {
|
|
@Override
|
|
public void a(PacketPlayInPickItem packetplayinpickitem) {
|
|
PlayerConnectionUtils.ensureMainThread(packetplayinpickitem, this, this.player.getWorldServer());
|
|
- this.player.inventory.c(packetplayinpickitem.b());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packetplayinpickitem.b() >= 0 && packetplayinpickitem.b() < this.player.inventory.items.size())) {
|
|
+ PlayerConnection.LOGGER.warn("{} tried to set an invalid carried item", this.player.getDisplayName().getString());
|
|
+ this.disconnect("Invalid hotbar selection (Hacking?)");
|
|
+ return;
|
|
+ }
|
|
+ this.player.inventory.c(packetplayinpickitem.b()); // Paper - Diff above if changed
|
|
+ // Paper end
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, this.player.inventory.itemInHandIndex, this.player.inventory.getItem(this.player.inventory.itemInHandIndex)));
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutSetSlot(-2, packetplayinpickitem.b(), this.player.inventory.getItem(packetplayinpickitem.b())));
|
|
this.player.playerConnection.sendPacket(new PacketPlayOutHeldItemSlot(this.player.inventory.itemInHandIndex));
|