Paper/CraftBukkit-Patches/0123-Better-item-validation.patch

160 lines
6.4 KiB
Diff
Raw Normal View History

2015-06-01 11:22:52 +02:00
From 9f4a6bdc6acd7aea362eb840ac4293d6fe21c27d Mon Sep 17 00:00:00 2001
From: Thinkofdeath <thinkofdeath@spigotmc.org>
Date: Wed, 2 Jul 2014 23:35:51 +0100
Subject: [PATCH] Better item validation
diff --git a/src/main/java/net/minecraft/server/DataWatcher.java b/src/main/java/net/minecraft/server/DataWatcher.java
2015-02-28 12:36:22 +01:00
index aa46c28..dec091e 100644
--- a/src/main/java/net/minecraft/server/DataWatcher.java
+++ b/src/main/java/net/minecraft/server/DataWatcher.java
2015-02-28 12:36:22 +01:00
@@ -155,6 +155,17 @@ public class DataWatcher {
2014-11-28 02:17:45 +01:00
arraylist = Lists.newArrayList();
}
2015-02-28 12:36:22 +01:00
+ // Spigot start - copy ItemStacks to prevent ConcurrentModificationExceptions
+ if ( datawatcher_watchableobject.b() instanceof ItemStack )
+ {
2015-02-28 12:36:22 +01:00
+ datawatcher_watchableobject = new WatchableObject(
+ datawatcher_watchableobject.c(),
+ datawatcher_watchableobject.a(),
+ ( (ItemStack) datawatcher_watchableobject.b() ).cloneItemStack()
+ );
+ }
+ // Spigot end
+
2015-02-28 12:36:22 +01:00
arraylist.add(datawatcher_watchableobject);
}
}
2015-02-28 12:36:22 +01:00
@@ -186,6 +197,21 @@ public class DataWatcher {
this.f.readLock().lock();
arraylist.addAll(this.dataValues.valueCollection()); // Spigot
+ // Spigot start - copy ItemStacks to prevent ConcurrentModificationExceptions
+ for ( int i = 0; i < arraylist.size(); i++ )
+ {
+ WatchableObject watchableobject = (WatchableObject) arraylist.get( i );
+ if ( watchableobject.b() instanceof ItemStack )
+ {
+ watchableobject = new WatchableObject(
+ watchableobject.c(),
+ watchableobject.a(),
+ ( (ItemStack) watchableobject.b() ).cloneItemStack()
+ );
+ arraylist.set( i, watchableobject );
+ }
+ }
+ // Spigot end
this.f.readLock().unlock();
return arraylist;
diff --git a/src/main/java/net/minecraft/server/PacketDataSerializer.java b/src/main/java/net/minecraft/server/PacketDataSerializer.java
2015-02-28 12:36:22 +01:00
index 32af4ee..f426c2e 100644
--- a/src/main/java/net/minecraft/server/PacketDataSerializer.java
+++ b/src/main/java/net/minecraft/server/PacketDataSerializer.java
2015-02-28 12:36:22 +01:00
@@ -173,6 +173,10 @@ public class PacketDataSerializer extends ByteBuf {
NBTTagCompound nbttagcompound = null;
2014-11-28 02:17:45 +01:00
if (itemstack.getItem().usesDurability() || itemstack.getItem().p()) {
+ // Spigot start - filter
+ itemstack = itemstack.cloneItemStack();
+ CraftItemStack.setItemMeta(itemstack, CraftItemStack.getItemMeta(itemstack));
+ // Spigot end
2014-11-28 02:17:45 +01:00
nbttagcompound = itemstack.getTag();
}
diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java
2015-04-16 12:19:45 +02:00
index 0318958..0b5ada0 100644
--- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java
+++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java
@@ -22,6 +22,10 @@ import net.minecraft.server.IChatBaseComponent;
2014-11-28 02:17:45 +01:00
import net.minecraft.server.NBTTagString;
import org.bukkit.craftbukkit.util.CraftChatMessage;
+// Spigot start
+import static org.spigotmc.ValidateUtils.*;
+// Spigot end
+
@DelegateDeserialization(SerializableMeta.class)
2015-04-16 12:19:45 +02:00
public class CraftMetaBook extends CraftMetaItem implements BookMeta {
static final ItemMetaKey BOOK_TITLE = new ItemMetaKey("title");
2015-04-16 12:19:45 +02:00
@@ -57,11 +61,11 @@ public class CraftMetaBook extends CraftMetaItem implements BookMeta {
super(tag);
if (tag.hasKey(BOOK_TITLE.NBT)) {
- this.title = tag.getString(BOOK_TITLE.NBT);
+ this.title = limit( tag.getString(BOOK_TITLE.NBT), 1024 ); // Spigot
}
if (tag.hasKey(BOOK_AUTHOR.NBT)) {
- this.author = tag.getString(BOOK_AUTHOR.NBT);
+ this.author = limit( tag.getString(BOOK_AUTHOR.NBT), 1024 ); // Spigot
}
boolean resolved = false;
2015-04-16 12:19:45 +02:00
@@ -86,7 +90,7 @@ public class CraftMetaBook extends CraftMetaItem implements BookMeta {
// Ignore and treat as an old book
}
2014-11-28 02:17:45 +01:00
}
- addPage(page);
+ addPage( limit( page, 2048 ) ); // Spigot
}
}
}
diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java
2015-04-16 12:19:45 +02:00
index 8c4f734..2429eef 100644
--- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java
+++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java
2015-04-16 12:19:45 +02:00
@@ -47,6 +47,10 @@ import java.util.logging.Logger;
import net.minecraft.server.NBTCompressedStreamTools;
import org.apache.commons.codec.binary.Base64;
+// Spigot start
+import static org.spigotmc.ValidateUtils.*;
+// Spigot end
+
/**
* Children must include the following:
*
2015-04-16 12:19:45 +02:00
@@ -247,7 +251,7 @@ class CraftMetaItem implements ItemMeta, Repairable {
NBTTagCompound display = tag.getCompound(DISPLAY.NBT);
if (display.hasKey(NAME.NBT)) {
- displayName = display.getString(NAME.NBT);
+ displayName = limit( display.getString(NAME.NBT), 1024 ); // Spigot
}
if (display.hasKey(LORE.NBT)) {
2015-04-16 12:19:45 +02:00
@@ -255,7 +259,7 @@ class CraftMetaItem implements ItemMeta, Repairable {
lore = new ArrayList<String>(list.size());
for (int index = 0; index < list.size(); index++) {
- String line = list.getString(index);
+ String line = limit( list.getString(index), 1024 ); // Spigot
lore.add(line);
}
}
diff --git a/src/main/java/org/spigotmc/ValidateUtils.java b/src/main/java/org/spigotmc/ValidateUtils.java
new file mode 100644
index 0000000..58a9534
--- /dev/null
+++ b/src/main/java/org/spigotmc/ValidateUtils.java
@@ -0,0 +1,14 @@
+package org.spigotmc;
+
+public class ValidateUtils
+{
+
+ public static String limit(String str, int limit)
+ {
+ if ( str.length() > limit )
+ {
+ return str.substring( 0, limit );
+ }
+ return str;
+ }
+}
--
2015-05-09 22:23:26 +02:00
2.1.4