Upstream
/
Advanced-Portals
mirror of https://github.com/sekwah41/Advanced-Portals.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixed security vulnerability

This commit is contained in:
Sekwah 2020-07-02 02:39:23 +01:00
parent 468715a29f
commit 17fb0c5332
No known key found for this signature in database
GPG Key ID: C3BE2E6C861A461A
7 changed files with 69 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/main/java/com/sekwah/advancedportals/bukkit/AdvancedPortalsPlugin.java
View File

@ -8,6 +8,7 @@ import com.sekwah.advancedportals.bukkit.effects.WarpEffects;
import com.sekwah.advancedportals.bukkit.listeners.*;
import com.sekwah.advancedportals.bukkit.metrics.Metrics;
import com.sekwah.advancedportals.bukkit.portals.Portal;
import org.bukkit.configuration.ConfigurationSection;
import org.bukkit.entity.Player;
import org.bukkit.plugin.java.JavaPlugin;
@ -18,6 +19,8 @@ public class AdvancedPortalsPlugin extends JavaPlugin {
public String channelName = "mc:advancedportals";
public boolean registeredBungeeChannels = false;
// public HashMap<OfflinePlayer, String> PlayerDestiMap = new HashMap<>();
public void onEnable() {
@ -101,11 +104,42 @@ public class AdvancedPortalsPlugin extends JavaPlugin {
}
private void setupBungee() {
// Enables very basic bungee support if not setup right
this.getServer().getMessenger().registerOutgoingPluginChannel(this, "BungeeCord");
this.getServer().getMessenger().registerIncomingPluginChannel(this, "BungeeCord", new BungeeListener(this));
if(this.checkIfBungee()) {
this.getServer().getMessenger().registerOutgoingPluginChannel(this, "BungeeCord");
this.getServer().getMessenger().registerIncomingPluginChannel(this, "BungeeCord", new BungeeListener(this));
this.getServer().getMessenger().registerOutgoingPluginChannel(this, channelName);
this.getServer().getMessenger().registerIncomingPluginChannel(this, channelName, new PluginMessageReceiver(this));
this.getServer().getMessenger().registerOutgoingPluginChannel(this, channelName);
this.getServer().getMessenger().registerIncomingPluginChannel(this, channelName, new PluginMessageReceiver(this));
registeredBungeeChannels = true;
}
else {
registeredBungeeChannels = false;
}
}
private boolean checkIfBungee()
{
// we check if the server is Spigot/Paper (because of the spigot.yml file)
if ( !getServer().getVersion().contains( "Spigot" ) && !getServer().getVersion().contains( "Paper" ) )
{
this.getServer().getConsoleSender().sendMessage( "\u00A7ePossibly unsupported version for bungee messages detected, channels won't be enabled." );
getLogger().info("If you believe this shouldn't be the case please contact us on discord https://discord.gg/fAJ3xJg");
return false;
}
if ( !getServer().spigot().getConfig().getConfigurationSection("settings").getBoolean( "bungeecord" ) )
{
this.getServer().getConsoleSender().sendMessage( "\n\n\u00A7eThis server does not have BungeeCord enabled.\n" +
"If the server is already hooked to BungeeCord, please enable it into your spigot.yml as well.\n" +
"Yes this can all work without but there is a massive security vulnerability if not enabled.\n" +
"You cannot bypass this if you want bungee features enabled.\n" +
"If you don't want bungee features \u00A7rignore this message\u00A7e, it only shows on start.\n" );
getLogger().warning( "Advanced bungee features disabled for Advanced Portals as bungee isn't enabled on the server (spigot.yml)" );
return false;
}
return true;
}

10
src/main/java/com/sekwah/advancedportals/bukkit/listeners/PluginMessageReceiver.java
View File

@ -32,16 +32,9 @@ public class PluginMessageReceiver implements PluginMessageListener {
if (subchannel.equals(BungeeMessages.SERVER_DESTI)) {
String targetDestination = in.readUTF();
UUID bungeeUUID = UUID.fromString(in.readUTF());
UUID offlineUUID = UUID.fromString(in.readUTF());
Player targetPlayer = this.plugin.getServer().getPlayer(bungeeUUID);
if(targetPlayer == null) {
targetPlayer = this.plugin.getServer().getPlayer(offlineUUID);
this.plugin.getServer().getConsoleSender().sendMessage(ChatColor.RED + BungeeMessages.WARNING_MESSAGE
+ "\n\nThis server is the offending server.");
}
if (targetPlayer != null) {
Player finalTargetPlayer = targetPlayer;
plugin.getServer().getScheduler().scheduleSyncDelayedTask(plugin,
@ -49,6 +42,9 @@ public class PluginMessageReceiver implements PluginMessageListener {
20L
);
}
else {
plugin.getLogger().warning("Could not find player to teleport to destination");
}
}
}

35
src/main/java/com/sekwah/advancedportals/bukkit/portals/Portal.java
View File

@ -489,14 +489,19 @@ public class Portal {
}
if (portal.getDestiation() != null) {
ByteArrayDataOutput outForList = ByteStreams.newDataOutput();
outForList.writeUTF(BungeeMessages.ENTER_PORTAL);
outForList.writeUTF(bungeeServer);
outForList.writeUTF(portal.getDestiation());
outForList.writeUTF(player.getUniqueId().toString());
outForList.writeUTF(player.getName());
if(plugin.registeredBungeeChannels) {
ByteArrayDataOutput outForList = ByteStreams.newDataOutput();
outForList.writeUTF(BungeeMessages.ENTER_PORTAL);
outForList.writeUTF(bungeeServer);
outForList.writeUTF(portal.getDestiation());
outForList.writeUTF(player.getUniqueId().toString());
player.sendPluginMessage(plugin, plugin.channelName, outForList.toByteArray());
}
else {
plugin.getLogger().log(Level.WARNING, "You do not have bungee setup correctly. Cross server destinations won't work.");
}
player.sendPluginMessage(plugin, plugin.channelName, outForList.toByteArray());
}
ByteArrayDataOutput outForSend = ByteStreams.newDataOutput();
@ -568,11 +573,17 @@ public class Portal {
player.removeAttachment(permissionAttachment);
}
} else if (command.startsWith("%") && plugin.getSettings().enabledCommandLevel("b")) {
command = command.substring(1);
ByteArrayDataOutput outForList = ByteStreams.newDataOutput();
outForList.writeUTF(BungeeMessages.BUNGEE_COMMAND);
outForList.writeUTF(command);
player.sendPluginMessage(plugin, plugin.channelName, outForList.toByteArray());
if(plugin.registeredBungeeChannels) {
command = command.substring(1);
ByteArrayDataOutput outForList = ByteStreams.newDataOutput();
outForList.writeUTF(BungeeMessages.BUNGEE_COMMAND);
outForList.writeUTF(command);
player.sendPluginMessage(plugin, plugin.channelName, outForList.toByteArray());
}
else {
plugin.getLogger().log(Level.WARNING, "You do not have bungee setup correctly. For security advanced bungee features won't work.");
}
} else {
player.chat("/" + command);
// player.performCommand(command);

3
src/main/java/com/sekwah/advancedportals/bungee/listener/EventListener.java
View File

@ -21,7 +21,7 @@ public class EventListener implements Listener {
String[] val = plugin.PlayerDestiMap.get(uuid);
// key: UUID (string)
// value: [0] targetServer, [1] targetDestination, [2] onlineUUID, [3] offlineUUID
// value: [0] targetServer, [1] targetDestination, [2] onlineUUID
if (event.getPlayer().getServer().getInfo().getName().equalsIgnoreCase(val[0])) {
@ -30,7 +30,6 @@ public class EventListener implements Listener {
out.writeUTF(BungeeMessages.SERVER_DESTI);
out.writeUTF(val[1]);
out.writeUTF(val[2]);
out.writeUTF(val[3]);
event.getPlayer().getServer().sendData(plugin.channelName, out.toByteArray());
}

28
src/main/java/com/sekwah/advancedportals/bungee/listener/PluginMessageReceiver.java
View File

@ -21,7 +21,7 @@ public class PluginMessageReceiver implements Listener {
@EventHandler
public void onMessageReceived(PluginMessageEvent event) {
if(!event.getTag().equalsIgnoreCase(plugin.channelName)) return;
if(!event.getTag().equalsIgnoreCase(plugin.channelName) || !(event.getSender() instanceof Server)) return;
ByteArrayDataInput in = ByteStreams.newDataInput(event.getData());
String subChannel = in.readUTF();
@ -30,33 +30,11 @@ public class PluginMessageReceiver implements Listener {
String targetServer = in.readUTF();
String targetDestination = in.readUTF();
String targetUUID = in.readUTF();
String targetName = in.readUTF();
String bungeeUUID; // If the bungee is offline mode it will be an offline uuid
plugin.PlayerDestiMap.put(targetUUID, new String[]{targetServer, targetDestination, targetUUID});
String offlineUUID = UUID.nameUUIDFromBytes(("OfflinePlayer:" + targetName).getBytes(Charsets.UTF_8)).toString();
if ( event.getReceiver() instanceof ProxiedPlayer )
{
ProxiedPlayer receiver = (ProxiedPlayer) event.getReceiver();
bungeeUUID = receiver.getUniqueId().toString();
if(!targetUUID.equals(bungeeUUID)) {
Server connection = (Server) event.getSender();
plugin.getLogger().warning(BungeeMessages.WARNING_MESSAGE
+ "\n\nThe server the player was sent from is the offending server.\n" +
"Server Name: " + connection.getInfo().getName());
}
targetUUID = bungeeUUID;
}
else {
plugin.getLogger().warning("There has been an issue getting the player for the teleport request.");
return;
}
plugin.PlayerDestiMap.put(targetUUID, new String[]{targetServer, targetDestination, targetUUID, offlineUUID});
String finalTargetUUID = targetUUID;
plugin.getProxy().getScheduler().schedule(plugin, () -> {
plugin.PlayerDestiMap.remove(finalTargetUUID);
plugin.PlayerDestiMap.remove(targetUUID);
}, 20, TimeUnit.SECONDS);
}
else if (subChannel.equalsIgnoreCase(BungeeMessages.BUNGEE_COMMAND)) {

2
src/main/resources/bungee.yml
View File

@ -1,4 +1,4 @@
main: com.sekwah.advancedportals.bungee.AdvancedPortalsPlugin
name: AdvancedPortals
version: 0.5.5
version: 0.5.6
author: sekwah41

2
src/main/resources/plugin.yml
View File

@ -1,6 +1,6 @@
main: com.sekwah.advancedportals.bukkit.AdvancedPortalsPlugin
name: AdvancedPortals
version: 0.5.5
version: 0.5.6
author: sekwah41
description: An advanced portals plugin for bukkit.
api-version: 1.13