From 11fabc955284bc1fb710b06bb82cfcc2aba71fc3 Mon Sep 17 00:00:00 2001
From: Zach Brown
Date: Mon, 18 Jul 2016 18:07:48 -0500
Subject: [PATCH] Less strict skull validation

Fixes GH-367
---
 ...blocking-on-Network-Manager-creation.patch | 4 +-
 ...r-redstone-torch-rapid-clock-removal.patch | 4 +-
 .../0166-Less-strict-skull-validation.patch | 44 +++++++++++++++++++
 3 files changed, 48 insertions(+), 4 deletions(-)
 create mode 100644 Spigot-Server-Patches/0166-Less-strict-skull-validation.patch

diff --git a/Spigot-Server-Patches/0151-Avoid-blocking-on-Network-Manager-creation.patch b/Spigot-Server-Patches/0151-Avoid-blocking-on-Network-Manager-creation.patch
index 4b57159063..0b48dc94e9 100644
--- a/Spigot-Server-Patches/0151-Avoid-blocking-on-Network-Manager-creation.patch
+++ b/Spigot-Server-Patches/0151-Avoid-blocking-on-Network-Manager-creation.patch
@@ -1,4 +1,4 @@
-From a4a3433307cd3424707cde90eb7446217e0c4426 Mon Sep 17 00:00:00 2001
+From c3d43cd0b8770d66971b7b80430b67b1694bb7a1 Mon Sep 17 00:00:00 2001
 From: Aikar
 Date: Mon, 16 May 2016 23:19:16 -0400
 Subject: [PATCH] Avoid blocking on Network Manager creation
@@ -45,5 +45,5 @@ index 5b0488a..25867be 100644
 if ( org.spigotmc.SpigotConfig.playerShuffle > 0 && MinecraftServer.currentTick % org.spigotmc.SpigotConfig.playerShuffle == 0 )
 {
 --
-2.9.0
+2.9.2.windows.1
 
diff --git a/Spigot-Server-Patches/0153-Faster-redstone-torch-rapid-clock-removal.patch b/Spigot-Server-Patches/0153-Faster-redstone-torch-rapid-clock-removal.patch
index ee9b2a7b22..53464be4e9 100644
--- a/Spigot-Server-Patches/0153-Faster-redstone-torch-rapid-clock-removal.patch
+++ b/Spigot-Server-Patches/0153-Faster-redstone-torch-rapid-clock-removal.patch
@@ -1,4 +1,4 @@
-From 9bd888b23873214255d8a861baed7f37031c2573 Mon Sep 17 00:00:00 2001
+From 0191195532931d25a610e0e46ef734c235ed3a24 Mon Sep 17 00:00:00 2001
 From: Martin Panzer
 Date: Mon, 23 May 2016 12:12:37 +0200
 Subject: [PATCH] Faster redstone torch rapid clock removal
@@ -39,5 +39,5 @@ index 7866bd9..606f982 100644
 public RedstoneUpdateInfo(BlockPosition blockposition, long i) {
 this.a = blockposition;
 --
-2.9.0
+2.9.2.windows.1
 
diff --git a/Spigot-Server-Patches/0166-Less-strict-skull-validation.patch b/Spigot-Server-Patches/0166-Less-strict-skull-validation.patch
new file mode 100644
index 0000000000..0664abd9fa
--- /dev/null
+++ b/Spigot-Server-Patches/0166-Less-strict-skull-validation.patch
@@ -0,0 +1,44 @@
+From bbf37c133d002558a9e031cf699579d96ded9e3c Mon Sep 17 00:00:00 2001
+From: Zach Brown
+Date: Mon, 18 Jul 2016 17:57:36 -0500
+Subject: [PATCH] Less strict skull validation
+
+Spigot's solution removes all unsigned skins from Skulls. While this does work to achieve its original goal, it is often
+overzealous and removes many plugin created and other skulls. We can be more specific in our checks to avoid this.
+
+This does technically reveal how the exploit works, however given that it already appears to be well-known throughout
+malicious communities, and the current solution breaks legitimate skulls, we don't feel particularly bad about it this
+time.
+
+diff --git a/src/main/java/net/minecraft/server/ItemSkull.java b/src/main/java/net/minecraft/server/ItemSkull.java
+index 4a9cb67..b2af87a 100644
+--- a/src/main/java/net/minecraft/server/ItemSkull.java
++++ b/src/main/java/net/minecraft/server/ItemSkull.java
+@@ -135,11 +135,24 @@ public class ItemSkull extends Item {
+ boolean valid = true;
+
+ NBTTagList textures = nbttagcompound.getCompound("SkullOwner").getCompound("Properties").getList("textures", 10); // Safe due to method contracts
++ // Paper start - Less strict validation
++ for (NBTBase texture : textures.list) {
++ if (texture instanceof NBTTagCompound && !((NBTTagCompound) texture).hasKeyOfType("Signature", 8)) {
++ if (((NBTTagCompound) texture).getString("Value").trim().length() > 0) {
++ continue;
++ }
++
++ valid = false;
++ }
++ }
++ /*
+ for (int i = 0; i < textures.size(); i++) {
+ if (textures.get(i) instanceof NBTTagCompound && !((NBTTagCompound) textures.get(i)).hasKeyOfType("Signature", 8)) {
+ valid = false;
+ }
+ }
++ */
++ // Paper end
+
+ if (!valid) {
+ nbttagcompound.remove("SkullOwner");
+--
+2.9.2.windows.1
+
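Review bot: The new blank-`Value` rejection in `ItemSkull.java` sits inside the `!hasKeyOfType("Signature", 8)` branch, so a texture entry that carries any string-typed `Signature` tag is accepted without its `Value` being examined, and only the tag's presence is tested; nothing in this hunk verifies the signature. If a blank `Value` is the condition this validation is meant to catch (the commit message implies it but does not say so), the check should cover every compound entry, for example `if (texture instanceof NBTTagCompound && ((NBTTagCompound) texture).getString("Value").trim().isEmpty()) { valid = false; }`. Any non-blank `Value` on an unsigned entry is now accepted as-is, so a short comment above the loop stating why non-blank is sufficient, or what well-formedness the client needs, would record the invariant the server relies on. The enclosing method starts and ends outside the hunk.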